CVE-2023-38220

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-285
View all →

Vulnerability Description

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.

Related Vulnerabilities

CVE-2013-7245

HIGH
CVSS:7.5(High)

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP S...

CWE-2852013

CVE-2016-1000219

HIGH
CVSS:7.5(High)

Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions...

CWE-2852016

CVE-2016-5420

HIGH
CVSS:7.5(High)

curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by lever...

CWE-2852016

CVE-2016-5676

HIGH
CVSS:7.5(High)

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator passwor...

CWE-2852016

CVE-2017-1002151

HIGH
CVSS:7.5(High)

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

CWE-2852017

CVE-2017-7484

HIGH
CVSS:7.5(High)

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges ...

CWE-2852017