Improper Access Control Vulnerability in Adobe Commerce Allows Security Feature Bypass

Improper Access Control Vulnerability in Adobe Commerce Allows Security Feature Bypass

CVE-2022-35692 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction.

Learn more about our User Device Pen Test.