Adobe Magento vulnerabilities
175 known vulnerabilities affecting adobe/magento.
Total CVEs: 175
CISA KEV: 3 (actively exploited)
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 22, HIGH 55, MEDIUM 86, LOW 12
Vulnerabilities
Page 8 of 9
CVE-2023-29288 | MEDIUM | CVSS 4.3 | CWE-863 | v2.4.4, v2.4.5, +1 more | 2023-06-15
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not req
nvd
CVE-2023-29295 | MEDIUM | CVSS 4.3 | CWE-863 | v2.4.4, v2.4.5, +1 more | 2023-06-15
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interacti
nvd
CVE-2023-29293 | LOW | CVSS 2.7 | CWE-20 | v2.4.4, v2.4.5, +1 more | 2023-06-15
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not
nvd
CVE-2022-24086 | CRITICAL | CVSS 9.8 | KEV | PoC | CWE-20 | fixed in 2.3.0, ≤ 2.3.6, +3 more | 2022-02-16
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
nvd
CVE-2021-21013 | HIGH | CVSS 8.1 | CWE-863 | ≤ 2.4.1, ≥ 2.4.1 | 2021-01-13
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) vulnerability in the customer API module. Successful exploitation could lead to sensitive information disclosure and allow an attacker to update arbitrary information on another user's account.
nvd
CVE-2020-9691 | CRITICAL | CVSS 9.6 | CWE-79 | v2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions | 2020-07-29
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9689 | MEDIUM | CVSS 6.5 | CWE-22 | v2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions | 2020-07-29
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9690 | MEDIUM | CVSS 4.2 | CWE-203 | v2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions | 2020-07-29
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
cvelistv5, nvd
CVE-2020-9692 | MEDIUM | CVSS 6.5 | v2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions | 2020-07-29
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9664 | CRITICAL | CVSS 9.8 | CWE-502 | v1.14.4.5 and earlier, and 1.9.4.5 and earlier versions | 2020-07-22
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9665 | MEDIUM | CVSS 6.1 | CWE-79 | v1.14.4.5 and earlier, and 1.9.4.5 and earlier versions | 2020-07-22
Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
cvelistv5, nvd
CVE-2020-9632 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9583 | CRITICAL | CVSS 9.8 | CWE-77 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9579 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9578 | CRITICAL | CVSS 9.8 | CWE-77 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9630 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.
cvelistv5, nvd
CVE-2020-9580 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9631 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9582 | CRITICAL | CVSS 9.8 | CWE-77 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd
CVE-2020-9585 | CRITICAL | CVSS 9.8 | v2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions | 2020-06-26
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution.
cvelistv5, nvd