APSB23-17: Security update available for Adobe Commerce
Bulletin Information
- Bulletin ID: APSB23-17
- Product: Adobe Commerce
- Published: March 14, 2023
- Priority: 3
- Severity: Critical
- CVE Count: 4
Affected Versions
- Adobe Commerce (all platforms): 2.4.4-p2 and earlier versions; 2.4.5-p1 and earlier versions
- Magento Open Source (all platforms): 2.4.4-p2 and earlier versions; 2.4.5-p1 and earlier versions
Vulnerability Details
Total Vulnerabilities: 4
Severity Breakdown:
- Moderate: 1
- Important: 2
- Critical: 1
Key Vulnerabilities:
1. CVE-2023-22247
- Category: XML Injection (aka Blind XPath Injection) (CWE-91)
- Impact: Arbitrary file system read
- Severity: Critical
- CVSS Score: 7.5
- Authentication Required: No
2. CVE-2023-22249
- Category: Cross-site Scripting (Stored XSS) (CWE-79)
- Impact: Arbitrary code execution
- Severity: Important
- CVSS Score: 4.8
- Authentication Required: Yes
3. CVE-2023-22250
- Category: Improper Access Control (CWE-284)
- Impact: Security feature bypass
- Severity: Important
- CVSS Score: 5.3
- Authentication Required: No
…and 1 more vulnerability
CVE Identifiers
CVE-2023-22247, CVE-2023-22250, CVE-2023-22251, CVE-2023-22249