Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have limited impact to the integrity and availability of data. The exploit depends on conditions beyond the attacker's control.
Exploitation of this issue does not require user interaction.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption
CVSS Vector v3.1