APSB22-48 - APSB22-48: Security updates available for Adobe Commerce Security Update - Adobe Digest

Bulletin Information

Bulletin ID: APSB22-48
Product: APSB22-48: Security updates available for Adobe Commerce
Published: October 11, 2022
Priority: 3
Severity: Critical

Affected Versions

Adobe Commerce: 2.4.4-p1 and earlier versions
2.4.5 and earlier versions: All
2.4.3-p3 and earlier versions: All
Magento Open Source: 2.4.4-p1 and earlier versions
2.4.5 and earlier versions: All
…and 1 more versions

Vulnerability Details

Total Vulnerabilities: 2

Severity Breakdown:

Medium: 1
Critical: 1

Key Vulnerabilities:

1. PRODSECBUG-3177

Category: Cross-site Scripting (Stored XSS) (CWE-79)
Impact: Arbitrary code execution
Severity: Critical
CVSS Score: 10.0
Authentication Required: No

2. PRODSECBUG-3180

Category: Improper Access Control (CWE-284)
Impact: Security feature bypass
Severity: Medium
CVSS Score: 5.3
Authentication Required: Yes

Read Full Bulletin on Adobe Security Portal →

Previous Next Home