What the vulnerability does

01Description

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.

Key dates

02Disclosure timeline

January 4, 2025 CVE published
January 6, 2025 Record updated

Related vulnerabilities

04Related CVE