4.9
CVSSv3

CVE-2023-29292

CVSSv4: NA | CVSSv3: 4.9 | CVSSv2: NA | VMScore: 590 | EPSS: 0.0007 | KEV: Not Included
Published: 15/06/2023 Updated: 21/11/2024

Vulnerability Summary

Adobe Commerce versions 2.4.6 (and previous versions), 2.4.5-p2 (and previous versions) and 2.4.4-p3 (and previous versions) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Vulnerable Product Search on Vulmon Subscribe to Product

adobe commerce 2.3.7

adobe commerce 2.4.0

adobe commerce 2.4.1

adobe commerce 2.4.2

adobe commerce 2.4.3

adobe commerce 2.4.4

adobe commerce 2.4.5

adobe commerce 2.4.6

adobe magento 2.4.4

adobe magento 2.4.5

adobe magento 2.4.6