Bulletin Information

  • Bulletin ID: APSB23-50
  • Product: APSB23-50: Security update available for Adobe Commerce
  • Published: October 10, 2023
  • Priority: 3
  • Severity: Critical
  • CVE Count: 9

Affected Versions

  • Adobe Commerce: 2.4.7-beta1 and earlier; 2.4.6-p2 and earlier; 2.4.5-p4 and earlier; 2.4.4-p5 and earlier; 2.4.3-ext-4 and earlier; 2.4.2-ext-4 and earlier; 2.4.1-ext-4 and earlier; 2.4.0-ext-4 and earlier; 2.3.7-p4-ext-4 and earlier*
  • Magento Open Source: 2.4.7-beta1 and earlier; 2.4.6-p2 and earlier; 2.4.5-p4 and earlier; 2.4.4-p5 and earlier

Vulnerability Details

Total Vulnerabilities: 9

Severity Breakdown:

  • Important: 2
  • Critical: 7

Key Vulnerabilities:

1. CVE-2023-38218

  • Category: Improper Input Validation (CWE-20)
  • Impact: Privilege escalation
  • Severity: Critical
  • CVSS Score: 8.8
  • Authentication Required: No

2. CVE-2023-38219

  • Category: Cross-site Scripting (Stored XSS) (CWE-79)
  • Impact: Privilege escalation
  • Severity: Critical
  • CVSS Score: 8.4
  • Authentication Required: Yes

3. CVE-2023-38220

  • Category: Improper Authorization (CWE-285)
  • Impact: Security feature bypass
  • Severity: Critical
  • CVSS Score: 7.5
  • Authentication Required: Yes

…and 6 more vulnerabilities

CVE Identifiers

CVE-2023-38218, CVE-2023-38220, CVE-2023-38249, CVE-2023-38219, CVE-2023-26367, CVE-2023-38251, CVE-2023-38221, CVE-2023-26366, CVE-2023-38250

