Vulnerabilities > Adobe > Commerce > 2.4.0

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-38207 XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read.
network
low complexity
adobe CWE-91
7.5
2023-08-09 CVE-2023-38208 OS Command Injection vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker.
network
low complexity
adobe CWE-78
7.2
2023-08-09 CVE-2023-38209 Incorrect Authorization vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass.
network
low complexity
adobe CWE-863
6.5
2023-06-15 CVE-2023-22248 Incorrect Authorization vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
network
low complexity
adobe CWE-863
7.5
2023-06-15 CVE-2023-29287 Information Exposure vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass.
network
low complexity
adobe CWE-200
5.3
2023-06-15 CVE-2023-29288 Incorrect Authorization vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
network
low complexity
adobe CWE-863
4.3
2023-06-15 CVE-2023-29289 XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability.
network
low complexity
adobe CWE-91
6.5
2023-06-15 CVE-2023-29290 Missing Support for Integrity Check vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
network
low complexity
adobe CWE-353
5.3
2023-06-15 CVE-2023-29291 Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe CWE-918
4.9
2023-06-15 CVE-2023-29292 Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe CWE-918
4.9