CVE-2023-38207

Summary

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.

Affected Software

VendorProductVersion RangeStatus
AdobeAdobe Commerce0 <= 2.4.4-p4affected

Weaknesses

  • CWE-91: XML Injection (aka Blind XPath Injection) (CWE-91)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References