cvelistv5 - CVE-2022-24093

CVE-2022-24093 (GCVE-0-2022-24093)

Vulnerability from cvelistv5

Published

2023-09-12 07:36

Modified

2025-02-27 20:56

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.

References

URL

Tags

	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb22-13.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb22-13.html	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.3.7-p2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:59:23.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:51:54.963658Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:56:18.692Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.3.7-p2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2022-04-12T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T07:36:03.118Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce post-auth improper input validation leads to remote code execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2022-24093",
    "datePublished": "2023-09-12T07:36:03.118Z",
    "dateReserved": "2022-01-27T20:47:58.755Z",
    "dateUpdated": "2025-02-27T20:56:18.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24093\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2023-09-12T08:15:12.960\",\"lastModified\":\"2024-11-21T06:49:47.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Las versiones 2.4.3-p1 (y anteriores) y 2.3.7-p2 (y anteriores) de Adobe Commerce est\u00e1n afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y podr\u00eda dar lugar a una ejecuci\u00f3n de c\u00f3digo arbitrario posterior a la autenticaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.7\",\"matchCriteriaId\":\"DBBBFA0E-0D8F-4055-B912-13886EF81ADA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.3\",\"matchCriteriaId\":\"1B6E6964-140A-4640-AFD0-A237BABFC61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento_open_source:2.3.7:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9083101-E776-41CA-9DC9-455AFEC577F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento_open_source:2.3.7:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4EFC0E8-5DA6-41AF-817F-6C5600C16CCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento_open_source:2.4.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"01129B1A-1BEC-4108-920B-B18B57D08D74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento_open_source:2.4.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EBE0746-09A5-4444-9566-B7FCC6369622\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.7\",\"matchCriteriaId\":\"9D3D4DD8-EBF6-4281-B103-CB85CFCAA4C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.3\",\"matchCriteriaId\":\"BF96C367-576B-437B-A86C-CB9CA65CB481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F471E19-8AFE-4A6C-88EA-DF94428518F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"27E5B990-1E1C-46AC-815F-AF737D211C16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B503C35-8C90-4A24-8E60-722CDBBF556B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A453C85-A14A-47B8-B91D-3906BBE42A78\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/magento/apsb22-13.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/magento/apsb22-13.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"affected\", \"product\": \"Adobe Commerce\", \"vendor\": \"Adobe\", \"versions\": [{\"lessThanOrEqual\": \"2.3.7-p2\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}], \"datePublic\": \"2022-04-12T17:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"availabilityRequirement\": \"NOT_DEFINED\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"confidentialityRequirement\": \"NOT_DEFINED\", \"environmentalScore\": 9.1, \"environmentalSeverity\": \"CRITICAL\", \"exploitCodeMaturity\": \"NOT_DEFINED\", \"integrityImpact\": \"HIGH\", \"integrityRequirement\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"LOW\", \"modifiedAttackVector\": \"NETWORK\", \"modifiedAvailabilityImpact\": \"HIGH\", \"modifiedConfidentialityImpact\": \"HIGH\", \"modifiedIntegrityImpact\": \"HIGH\", \"modifiedPrivilegesRequired\": \"HIGH\", \"modifiedScope\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"remediationLevel\": \"NOT_DEFINED\", \"reportConfidence\": \"NOT_DEFINED\", \"scope\": \"CHANGED\", \"temporalScore\": 9.1, \"temporalSeverity\": \"CRITICAL\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-20\", \"description\": \"Improper Input Validation (CWE-20)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2023-09-12T07:36:03.118Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://helpx.adobe.com/security/products/magento/apsb22-13.html\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"title\": \"Adobe Commerce post-auth improper input validation leads to remote code execution\"}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:59:23.528Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://helpx.adobe.com/security/products/magento/apsb22-13.html\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24093\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T21:51:54.963658Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T20:37:39.886Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-24093\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"adobe\", \"dateReserved\": \"2022-01-27T20:47:58.755Z\", \"datePublished\": \"2023-09-12T07:36:03.118Z\", \"dateUpdated\": \"2025-02-27T20:56:18.692Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-5xmp-7wg5-x68q

Vulnerability from github

Published

2023-09-18 15:30

Modified

2025-03-04 18:19

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Summary

Magento Open Source affected by Improper Input Validation

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.3"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.3.7"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.3-p1"
            },
            {
              "fixed": "2.4.3-p2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.4.3-p1"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.7-p1"
            },
            {
              "fixed": "2.3.7-p3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/project-community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-24093"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-04T18:19:31Z",
    "nvd_published_at": "2023-09-12T08:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.",
  "id": "GHSA-5xmp-7wg5-x68q",
  "modified": "2025-03-04T18:19:31Z",
  "published": "2023-09-18T15:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24093"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Magento Open Source affected by Improper Input Validation"
}

gsd-2022-24093

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-24093

Aliases

CVE-2022-24093

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-24093",
    "id": "GSD-2022-24093"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24093"
      ],
      "details": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.",
      "id": "GSD-2022-24093",
      "modified": "2023-12-13T01:19:42.729960Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2022-24093",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Commerce",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThanOrEqual": "2.3.7-p2",
                                "status": "affected",
                                "version": "0",
                                "versionType": "semver"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Adobe"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "Improper Input Validation (CWE-20)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/magento/apsb22-13.html",
            "refsource": "MISC",
            "url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento_open_source:2.3.7:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento_open_source:2.4.3:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento_open_source:2.4.3:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento_open_source:2.3.7:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.3",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.3",
                "versionStartIncluding": "2.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2022-24093"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/magento/apsb22-13.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-09-18T13:52Z",
      "publishedDate": "2023-09-12T08:15Z"
    }
  }
}

CERTFR-2022-AVI-333

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Adobe. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat DC	Acrobat DC pour Windows versions antérieures à 22.001.20117
Adobe	Acrobat Reader	Acrobat Reader 2020 pour Mac versions antérieures à 20.005.30331
Adobe	Acrobat Reader	Acrobat Reader 2020 pour Windows versions antérieures à 20.005.30334
Adobe	Acrobat	Acrobat 2017 pour Mac versions antérieures à 17.012.30227
Adobe	Commerce	Adobe Commerce versions 2.4.x antérieures à 2.4.3-p2, 2.4.4
Adobe	Acrobat Reader DC	Acrobat Reader DC pour Mac versions antérieures à 22.001.20112
Adobe	Acrobat Reader	Acrobat Reader 2017 pour Windows versions antérieures à 17.012.30229
Adobe	Commerce	Adobe Commerce versions 2.3.x antérieures à 2.3.7-p3
Adobe	Magento	Magento Open Source versions 2.4.x antérieures 2.4.3-p2, 2.4.4
Adobe	Acrobat Reader DC	Acrobat Reader DC pour Windows versions antérieures à 22.001.20117
Adobe	Acrobat	Acrobat 2020 pour Mac versions antérieures à 20.005.30331
Adobe	Magento	Magento Open Source versions 2.3.x antérieures à 2.3.7-p3
Adobe	Acrobat	Acrobat 2017 pour Windows versions antérieures à 17.012.30229
Adobe	Acrobat Reader	Acrobat Reader 2017 pour Mac versions antérieures à 17.012.30227
Adobe	Acrobat	Acrobat 2020 pour Windows versions antérieures à 20.005.30334
Adobe	Acrobat DC	Acrobat DC pour Mac versions antérieures à 22.001.20112

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb22-16 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Adobe apsb22-13 du 12 avril 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Acrobat DC pour Windows versions ant\u00e9rieures \u00e0 22.001.20117",
      "product": {
        "name": "Acrobat DC",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat Reader 2020 pour Mac versions ant\u00e9rieures \u00e0 20.005.30331",
      "product": {
        "name": "Acrobat Reader",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat Reader 2020 pour Windows versions ant\u00e9rieures \u00e0 20.005.30334",
      "product": {
        "name": "Acrobat Reader",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat 2017 pour Mac versions ant\u00e9rieures \u00e0 17.012.30227",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce versions 2.4.x ant\u00e9rieures \u00e0 2.4.3-p2, 2.4.4",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat Reader DC pour Mac versions ant\u00e9rieures \u00e0 22.001.20112",
      "product": {
        "name": "Acrobat Reader DC",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat Reader 2017 pour Windows versions ant\u00e9rieures \u00e0 17.012.30229",
      "product": {
        "name": "Acrobat Reader",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Commerce versions 2.3.x ant\u00e9rieures \u00e0 2.3.7-p3",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.x ant\u00e9rieures 2.4.3-p2, 2.4.4",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat Reader DC pour Windows versions ant\u00e9rieures \u00e0 22.001.20117",
      "product": {
        "name": "Acrobat Reader DC",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat 2020 pour Mac versions ant\u00e9rieures \u00e0 20.005.30331",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.3.x ant\u00e9rieures \u00e0 2.3.7-p3",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat 2017 pour Windows versions ant\u00e9rieures \u00e0 17.012.30229",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat Reader 2017 pour Mac versions ant\u00e9rieures \u00e0 17.012.30227",
      "product": {
        "name": "Acrobat Reader",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat 2020 pour Windows versions ant\u00e9rieures \u00e0 20.005.30334",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat DC pour Mac versions ant\u00e9rieures \u00e0 22.001.20112",
      "product": {
        "name": "Acrobat DC",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-28242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28242"
    },
    {
      "name": "CVE-2022-27798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27798"
    },
    {
      "name": "CVE-2022-28236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28236"
    },
    {
      "name": "CVE-2022-27791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27791"
    },
    {
      "name": "CVE-2022-28263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28263"
    },
    {
      "name": "CVE-2022-28269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28269"
    },
    {
      "name": "CVE-2022-28259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28259"
    },
    {
      "name": "CVE-2022-27790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27790"
    },
    {
      "name": "CVE-2022-28235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28235"
    },
    {
      "name": "CVE-2022-24101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24101"
    },
    {
      "name": "CVE-2022-28241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28241"
    },
    {
      "name": "CVE-2022-27787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27787"
    },
    {
      "name": "CVE-2022-28257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28257"
    },
    {
      "name": "CVE-2022-27786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27786"
    },
    {
      "name": "CVE-2022-28248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28248"
    },
    {
      "name": "CVE-2022-28264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28264"
    },
    {
      "name": "CVE-2022-28237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28237"
    },
    {
      "name": "CVE-2022-28249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28249"
    },
    {
      "name": "CVE-2022-28254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28254"
    },
    {
      "name": "CVE-2022-28262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28262"
    },
    {
      "name": "CVE-2022-27800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27800"
    },
    {
      "name": "CVE-2022-27797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27797"
    },
    {
      "name": "CVE-2022-28230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28230"
    },
    {
      "name": "CVE-2022-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27789"
    },
    {
      "name": "CVE-2022-28245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28245"
    },
    {
      "name": "CVE-2022-24104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24104"
    },
    {
      "name": "CVE-2022-24103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24103"
    },
    {
      "name": "CVE-2022-24093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24093"
    },
    {
      "name": "CVE-2022-27795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27795"
    },
    {
      "name": "CVE-2022-28238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28238"
    },
    {
      "name": "CVE-2022-27793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27793"
    },
    {
      "name": "CVE-2022-27799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27799"
    },
    {
      "name": "CVE-2022-28260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28260"
    },
    {
      "name": "CVE-2022-28244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28244"
    },
    {
      "name": "CVE-2022-24102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24102"
    },
    {
      "name": "CVE-2022-28250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28250"
    },
    {
      "name": "CVE-2022-28253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28253"
    },
    {
      "name": "CVE-2022-28265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28265"
    },
    {
      "name": "CVE-2022-28239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28239"
    },
    {
      "name": "CVE-2022-28243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28243"
    },
    {
      "name": "CVE-2022-28255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28255"
    },
    {
      "name": "CVE-2022-28246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28246"
    },
    {
      "name": "CVE-2022-28252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28252"
    },
    {
      "name": "CVE-2022-28267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28267"
    },
    {
      "name": "CVE-2022-28261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28261"
    },
    {
      "name": "CVE-2022-28231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28231"
    },
    {
      "name": "CVE-2022-28232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28232"
    },
    {
      "name": "CVE-2022-28266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28266"
    },
    {
      "name": "CVE-2022-28247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28247"
    },
    {
      "name": "CVE-2022-28251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28251"
    },
    {
      "name": "CVE-2022-27802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27802"
    },
    {
      "name": "CVE-2022-27801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27801"
    },
    {
      "name": "CVE-2022-27785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27785"
    },
    {
      "name": "CVE-2022-28240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28240"
    },
    {
      "name": "CVE-2022-28256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28256"
    },
    {
      "name": "CVE-2022-27796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27796"
    },
    {
      "name": "CVE-2022-28268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28268"
    },
    {
      "name": "CVE-2022-27792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27792"
    },
    {
      "name": "CVE-2022-28258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28258"
    },
    {
      "name": "CVE-2022-28233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28233"
    },
    {
      "name": "CVE-2022-27788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27788"
    },
    {
      "name": "CVE-2022-27794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27794"
    },
    {
      "name": "CVE-2022-28234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28234"
    }
  ],
  "initial_release_date": "2022-04-13T00:00:00",
  "last_revision_date": "2022-04-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-333",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-16 du 12 avril 2022",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb22-16.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb22-13 du 12 avril 2022",
      "url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
    }
  ]
}

fkie_cve-2022-24093

Vulnerability from fkie_nvd

Published

2023-09-12 08:15

Modified

2024-11-21 06:49

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb22-13.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb22-13.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	magento_open_source	*
adobe	magento_open_source	*
adobe	magento_open_source	2.3.7
adobe	magento_open_source	2.3.7
adobe	magento_open_source	2.4.3
adobe	magento_open_source	2.4.3
adobe	commerce	*
adobe	commerce	*
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.3
adobe	commerce	2.4.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBBFA0E-0D8F-4055-B912-13886EF81ADA",
              "versionEndExcluding": "2.3.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6E6964-140A-4640-AFD0-A237BABFC61F",
              "versionEndExcluding": "2.4.3",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento_open_source:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "A9083101-E776-41CA-9DC9-455AFEC577F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento_open_source:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D4EFC0E8-5DA6-41AF-817F-6C5600C16CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento_open_source:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "01129B1A-1BEC-4108-920B-B18B57D08D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento_open_source:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "5EBE0746-09A5-4444-9566-B7FCC6369622",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3D4DD8-EBF6-4281-B103-CB85CFCAA4C0",
              "versionEndExcluding": "2.3.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF96C367-576B-437B-A86C-CB9CA65CB481",
              "versionEndExcluding": "2.4.3",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.3-p1 (y anteriores) y 2.3.7-p2 (y anteriores) de Adobe Commerce est\u00e1n afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario y podr\u00eda dar lugar a una ejecuci\u00f3n de c\u00f3digo arbitrario posterior a la autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2022-24093",
  "lastModified": "2024-11-21T06:49:47.413",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-12T08:15:12.960",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb22-13.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-24093 (GCVE-0-2022-24093)

Vulnerability from cvelistv5

ghsa-5xmp-7wg5-x68q

Vulnerability from github

gsd-2022-24093

Vulnerability from gsd

CERTFR-2022-AVI-333

Vulnerability from certfr_avis

Solution

fkie_cve-2022-24093

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature