Adobe Commerce

CVEs (23)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2024-20720	Adobe Inc. Commerce	0.01	—	0.07	Feb 15, 2024	Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue…
CVE-2023-29297	Adobe Inc. Adobe Commerce	0.01	—	0.09	Jun 15, 2023	Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated…
CVE-2023-38251	Adobe Inc. Commerce	0.00	—	0.00	Oct 13, 2023	Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does…
CVE-2023-38219	Adobe Inc. Commerce	0.00	—	0.02	Oct 13, 2023	Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2023-26367	Adobe Inc. Commerce	0.00	—	0.00	Oct 13, 2023	Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker.…
CVE-2023-38250	Adobe Inc. Commerce	0.00	—	0.02	Oct 13, 2023	Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code…
CVE-2023-38249	Adobe Inc. Commerce	0.00	—	0.02	Oct 13, 2023	Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code…
CVE-2023-38221	Adobe Inc. Commerce	0.00	—	0.02	Oct 13, 2023	Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code…
CVE-2022-24093	Adobe Inc. Commerce	0.00	—	0.01	Sep 12, 2023	Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
CVE-2023-38208	Adobe Inc. Adobe Commerce	0.00	—	0.04	Aug 9, 2023	Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an…
CVE-2023-38209	Adobe Inc. Adobe Commerce	0.00	—	0.00	Aug 9, 2023	Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other…
CVE-2023-22248	Adobe Inc. Adobe Commerce	0.00	—	0.00	Jun 15, 2023	Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data.…
CVE-2023-29295	Adobe Inc. Adobe Commerce	0.00	—	0.00	Jun 15, 2023	Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor…
CVE-2023-29288	Adobe Inc. Commerce	0.00	—	0.00	Jun 15, 2023	Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor…
CVE-2023-29296	Adobe Inc. Adobe Commerce	0.00	—	0.00	Jun 15, 2023	Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor…
CVE-2023-29293	Adobe Inc. Commerce	0.00	—	0.00	Jun 15, 2023	Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the…
CVE-2023-29289	Adobe Inc. Adobe Commerce	0.00	—	0.00	Jun 15, 2023	Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not…
CVE-2023-29290	Adobe Inc. Adobe Commerce	0.00	—	0.00	Jun 15, 2023	Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality.…
CVE-2022-34259	Adobe Inc. Adobe Commerce	0.00	—	0.00	Aug 16, 2022	Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a…
CVE-2022-34254	Adobe Inc. Adobe Commerce	0.00	—	0.01	Aug 16, 2022	Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the…

CVE-2024-20720Feb 15, 2024
Adobe Inc.
Commerce
risk 0.01cvss —epss 0.07
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue…
CVE-2023-29297Jun 15, 2023
Adobe Inc.
Adobe Commerce
risk 0.01cvss —epss 0.09
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated…
CVE-2023-38251Oct 13, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does…
CVE-2023-38219Oct 13, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.02
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into…
CVE-2023-26367Oct 13, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker.…
CVE-2023-38250Oct 13, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.02
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code…
CVE-2023-38249Oct 13, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.02
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code…
CVE-2023-38221Oct 13, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.02
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code…
CVE-2022-24093Sep 12, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.01
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
CVE-2023-38208Aug 9, 2023
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.04
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an…
CVE-2023-38209Aug 9, 2023
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other…
CVE-2023-22248Jun 15, 2023
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data.…
CVE-2023-29295Jun 15, 2023
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor…
CVE-2023-29288Jun 15, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor…
CVE-2023-29296Jun 15, 2023
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor…
CVE-2023-29293Jun 15, 2023
Adobe Inc.
Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vulnerability to impact the…
CVE-2023-29289Jun 15, 2023
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. An attacker with low privileges can trigger a specially crafted script to a security feature bypass. Exploitation of this issue does not…
CVE-2023-29290Jun 15, 2023
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality.…
CVE-2022-34259Aug 16, 2022
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.00
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a…
CVE-2022-34254Aug 16, 2022
Adobe Inc.
Adobe Commerce
risk 0.00cvss —epss 0.01
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the…

Page 1 of 2