CVE-2022-34256

HIGH

Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Privilege Escalation

Title source: llm

Description

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://helpx.adobe.com/security/products/magento/apsb22-38.html

Scores

CVSS v3 7.5

EPSS 0.0041

EPSS Percentile 61.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-285

Status published

Products (9)

adobe/commerce 2.3.7 (4 CPE variants)

adobe/commerce 2.4.3 (3 CPE variants)

adobe/commerce 2.4.4

adobe/commerce 2.3.0 - 2.3.7

magento/community-edition 2.3.0 - 2.3.7-p4Packagist

magento/magento 2.3.7 (4 CPE variants)

magento/magento 2.4.3 (3 CPE variants)

magento/magento 2.4.4

magento/magento 2.3.0 - 2.3.7

Published Aug 16, 2022

Tracked Since Feb 18, 2026