CVE-2023-29296

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jun 15, 2023

Updated: Jun 22, 2023

CWE ID 863

Summary

CVE-2023-29296 is a recently disclosed Incorrect Authorization vulnerability affecting Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. This issue allows a low-privileged attacker to bypass security features, enabling unauthorized modification of another user's data without user interaction. Although the vulnerability doesn't grant full control, it represents a significant risk to the integrity of affected systems. Users are urged to apply the available patches as soon as possible to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Commerce

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/roCFmF
https://www.cve.org/CVERecord?id=CVE-2023-29296
https://nvd.nist.gov/vuln/detail/CVE-2023-29296

Back to Vulnerability Database