Vulnerabilities > CVE-2023-38207 - Unspecified vulnerability in Adobe Commerce

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

adobe

NVD

Published: 2023-08-09

Updated: 2024-11-21

Summary

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Commerce 2.4.4 Adobe Commerce 2.4.5 Adobe Commerce - Adobe Commerce 2.3.7 Adobe Commerce 2.4.0 Adobe Commerce 2.4.1 Adobe Commerce 2.4.2 Adobe Commerce 2.4.3 Adobe Commerce 2.4.6	49

References

https://helpx.adobe.com/security/products/magento/apsb23-42.html
https://helpx.adobe.com/security/products/magento/apsb23-42.html