CVE-2023-29288

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jun 15, 2023

Updated: Jun 22, 2023

CWE ID 863

Summary

CVE-2023-29288 is a newly disclosed vulnerability affecting Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. This Incorrect Authorization issue allows privileged attackers to bypass security features and modify another user's data without requiring user interaction. The vulnerability can lead to a security feature bypass, potentially impacting the integrity of affected systems. Adobe Commerce users are urged to update their systems to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Commerce

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/roCFl1
https://www.cve.org/CVERecord?id=CVE-2023-29288
https://nvd.nist.gov/vuln/detail/CVE-2023-29288

Back to Vulnerability Database