- Description
- Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
- Source
- psirt@adobe.com
- NVD status
- Analyzed
- Products
- commerce, magento
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Data from CISA
- Vulnerability name
- Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
- Exploit added on
- Feb 15, 2022
- Exploit action due
- Mar 1, 2022
- Required action
- Apply updates per vendor instructions.
- psirt@adobe.com
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90B19F1A-11A1-4315-8433-6B8938228BF7",
"versionEndExcluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE057011-26D8-4298-8D24-624CCD26F014",
"versionEndIncluding": "2.3.6",
"versionStartIncluding": "2.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFF83C-2A52-442D-8349-7B37843B630F",
"versionEndIncluding": "2.4.2",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
"matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "8A453C85-A14A-47B8-B91D-3906BBE42A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
"matchCriteriaId": "67B41B1F-86FE-43A9-BE12-42F15F47446A",
"versionEndExcluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
"matchCriteriaId": "9F0EBEC1-B55D-40FE-A649-969D7B2F5BA3",
"versionEndIncluding": "2.3.6",
"versionStartExcluding": "2.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*",
"matchCriteriaId": "59C7EB66-4DC7-40E5-AEA5-605A930E09EB",
"versionEndIncluding": "2.4.2",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.3.7:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "B8BEB5B9-87A6-466B-AEA3-516025219219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.3.7:p2:*:*:open_source:*:*:*",
"matchCriteriaId": "E8A5A54D-A2B8-4D3F-9F02-A8D60BFD52A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.3:-:*:*:open_source:*:*:*",
"matchCriteriaId": "45FD678B-59DE-4F05-8BB3-A02F5EBA7414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:magento:2.4.3:p1:*:*:open_source:*:*:*",
"matchCriteriaId": "431F341D-81A0-439F-B6D8-898E55FC1780",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]