CVE-2023-38218

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 13, 2023

Updated: Dec 4, 2023

CWE ID 863

Summary

CVE-2023-38218 is a newly disclosed vulnerability affecting various versions of Adobe Commerce, including 2.4.7-beta1, 2.4.6-p2, 2.4.5-p4, and 2.4.4-p5. An attacker with valid credentials can take advantage of this Incorrect Authorization issue to gain unauthorized access to sensitive information and escalate privileges, posing a significant risk to impacted organizations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Commerce

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-y7QL
https://www.cve.org/CVERecord?id=CVE-2023-38218
https://nvd.nist.gov/vuln/detail/CVE-2023-38218

Back to Vulnerability Database