CVE-2022-24086

CRITICALCISA KEV

9.8

Description

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie2/16/2022

Derniere modification10/23/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurAdobe

ProduitCommerce and Magento Open Source

Nom vulnerabiliteAdobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Date ajout KEV2022-02-15

Date limite remediation2022-03-01

Utilise dans ransomwareUnknown

Produits affectes

adobe:commerceadobe:magento

Faiblesses (CWE)

CWE-20

References

https://helpx.adobe.com/security/products/magento/apsb22-12.html(psirt@adobe.com)

https://helpx.adobe.com/security/products/magento/apsb22-12.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24086(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.