Vulnerabilities > Adobe > Commerce > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-13 | CVE-2023-38251 | Resource Exhaustion vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. | 5.3 |
| 2023-08-09 | CVE-2023-38209 | Incorrect Authorization vulnerability in Adobe Commerce Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. | 6.5 |
| 2023-06-15 | CVE-2023-29287 | Information Exposure vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. | 5.3 |
| 2023-06-15 | CVE-2023-29288 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. | 4.3 |
| 2023-06-15 | CVE-2023-29289 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. | 6.5 |
| 2023-06-15 | CVE-2023-29290 | Missing Support for Integrity Check vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. | 5.3 |
| 2023-06-15 | CVE-2023-29291 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. | 4.9 |
| 2023-06-15 | CVE-2023-29292 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. | 4.9 |
| 2023-06-15 | CVE-2023-29294 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. | 4.3 |
| 2023-06-15 | CVE-2023-29295 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. | 4.3 |