CVE-2023-38207

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 9, 2023

Updated: Sep 14, 2023

CWE ID 91

Summary

CVE-2023-38207 is a newly identified vulnerability affecting Adobe Commerce versions 2.4.6-p1, 2.4.5-p3, and 2.4.4-p4, and earlier. This issue involves an XML Injection or Blind XPath Injection vulnerability, which can permit minor arbitrary file system reads without requiring any user interaction. The exploitation of this vulnerability could potentially expose sensitive data, making it crucial for affected organizations to apply the necessary patches promptly to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Commerce

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-y7QJ
https://www.cve.org/CVERecord?id=CVE-2023-38207
https://nvd.nist.gov/vuln/detail/CVE-2023-38207

Back to Vulnerability Database