Adobe Commerce Neutralization of Special Elements Vulnerability

On June 15, Adobe disclosed that Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability, which may lead to arbitrary code execution by an authenticated attacker with admin privileges.

User interaction is not required for the exploitation of this issue. (CVE-2023-29297)

Affected Systems

-

IoCs

-

Recommended Solution(s)

Adobe assigns priority ratings to the updates, listed in the solution section of its bulletin at https://helpx.adobe.com/security/products/magento/apsb23-35.html, and recommends that users update their installation to the newest version.

Mitigations

-

CVE / CWE

CVE-2023-29297

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.