Description
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
Related CPE's
a
adobe
commerce
6
a
adobe
magento_open_source
6
References
https://helpx.adobe.com/security/products/magento/apsb23-17.html
Release NotesVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2023-03-27T21:15:10.727
2 years agoLast modified
2023-04-04T20:51:40.340
2 years ago