CVE-2022-42344 HIGH

CVE-2022-42344: [CVE-2021-36032] Magento IDOR Leads to Account Takeover

Vendor Adobe

Product Adobe Commerce

Weakness CWE-863 · Incorrect authorization

Published October 20, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.

Key dates

Disclosure timeline

October 20, 2022 CVE published

September 16, 2024 Record updated