Vulnerabilities > CVE-2023-38218 - Incorrect Authorization vulnerability in Adobe Commerce and Magento

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

adobe

CWE-863

NVD

Published: 2023-10-13

Updated: 2024-11-21

Summary

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Commerce 2.3.7 Adobe Commerce 2.4.3 Adobe Commerce 2.4.4 Adobe Commerce 2.4.5 Adobe Commerce 2.4.6 Adobe Commerce 2.4.0 Adobe Commerce 2.4.1 Adobe Commerce 2.4.2 Adobe Commerce 2.4.7 Adobe Magento 2.4.4 Adobe Magento 2.4.5 Adobe Magento 2.4.6 Adobe Magento 2.4.7	58

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References