APSB23-35: Security update available for Adobe Commerce
Bulletin Information
- Bulletin ID: APSB23-35
- Product: Adobe Commerce
- Published: June 13, 2023
- Priority: 3
- Severity: Critical
- CVE Count: 12
Affected Versions
- Adobe Commerce: 2.4.6 and earlier, 2.4.5-p2 and earlier, 2.4.4-p3 and earlier, 2.4.3-ext-2 and earlier, 2.4.2-ext-2 and earlier, 2.4.1-ext-2 and earlier, 2.4.0-ext-2 and earlier, 2.3.7-p4-ext-2 and earlier*
- Magento Open Source: 2.4.6 and earlier, 2.4.5-p2 and earlier, 2.4.4-p3 and earlier
Vulnerability Details
Total Vulnerabilities: 12
Severity Breakdown:
- Moderate: 5
- Important: 5
- Critical: 2
Key Vulnerabilities:
1. CVE-2023-29287
- Category: Information Exposure (CWE-200)
- Impact: Security feature bypass
- Severity: Important
- CVSS Score: 5.3
- Authentication Required: No
2. CVE-2023-29288
- Category: Incorrect Authorization (CWE-863)
- Impact: Security feature bypass
- Severity: Moderate
- CVSS Score: 4.3
- Authentication Required: Yes
3. CVE-2023-29289
- Category: XML Injection (aka Blind XPath Injection) (CWE-91)
- Impact: Security feature bypass
- Severity: Important
- CVSS Score: 6.5
- Authentication Required: Yes
…and 9 more vulnerabilities
CVE Identifiers
CVE-2023-29289, CVE-2023-29297, CVE-2023-22248, CVE-2023-29287, CVE-2023-29291, CVE-2023-29294, CVE-2023-29290, CVE-2023-29295, CVE-2023-29292, CVE-2023-29288, CVE-2023-29293, CVE-2023-29296