CVE-2022-42344
[CVE-2021-36032] Magento IDOR Leads to Account Takeover
CVSS 3.1 base score: 8.8 (HIGH)
EPSS: 0.18%
Description
Adobe Commerce versions 2.4.3 (and earlier), 2.3.7 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation.
How to fix CVE-2022-42344
To remediate CVE-2022-42344, upgrade the affected package to a fixed version below.
- upgrade to 2.3.7 or later
- upgrade to 2.3.7-p4 or later
Is CVE-2022-42344 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0 up to (but not including) 2.3.7, and from 2.4.0 up to (but not including) 2.4.5
- from 0 up to (but not including) 2.3.7-p4
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |