CVEDB API

Vulnerabilities

Vulnerable Software

Adobe: >> Magento >> 2.4.4 Security Vulnerabilities

CVE-2023-29289

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not require user interaction.

CVSS Score

6.5

EPSS Score

0.003

Published

2023-06-15

CVE-2023-29290

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.

CVSS Score

5.3

EPSS Score

0.001

Published

2023-06-15

CVE-2023-29291

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

CVSS Score

4.9

EPSS Score

0.004

Published

2023-06-15

CVE-2023-29292

CVSS Score

4.9

EPSS Score

0.003

Published

2023-06-15

CVE-2021-21013

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.

CVSS Score

8.1

EPSS Score

0.009

Published

2021-01-13

Page 12

Vulnerabilities

Vulnerable Software

Adobe: >> Magento >> 2.4.4 Security Vulnerabilities

Products

Pricing

Contact Us