CVE-2023-22247
Summary
| CVE | CVE-2023-22247 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-27 21:15:00 UTC |
| Updated | 2023-04-04 20:51:00 UTC |
| Description | Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. |
Risk And Classification
Problem Types: CWE-91
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Adobe | Commerce | All | All | All | All |
| Application | Adobe | Commerce | 2.4.4 | - | All | All |
| Application | Adobe | Commerce | 2.4.4 | p1 | All | All |
| Application | Adobe | Commerce | 2.4.4 | p2 | All | All |
| Application | Adobe | Commerce | 2.4.5 | - | All | All |
| Application | Adobe | Commerce | 2.4.5 | p1 | All | All |
| Application | Adobe | Magento Open Source | All | All | All | All |
| Application | Adobe | Magento Open Source | 2.4.4 | - | All | All |
| Application | Adobe | Magento Open Source | 2.4.4 | p1 | All | All |
| Application | Adobe | Magento Open Source | 2.4.4 | p2 | All | All |
| Application | Adobe | Magento Open Source | 2.4.5 | - | All | All |
| Application | Adobe | Magento Open Source | 2.4.5 | p1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Adobe Security Bulletin | MISC | helpx.adobe.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 730759 Adobe Commerce Multiple Security Vulnerabilities (APSB23-17)