CVE-2022-42344

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
References
Configurations

Configuration 1

cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*
cpe:2.3:a:magento:magento:2.4.4:-:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:2.4.3:p1:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:2.4.3:p2:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:2.4.3:-:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:2.3.7:p3:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:2.3.7:p1:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:2.3.7:p2:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:2.3.7:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*

Information

Published : 2022-10-20 05:15

Updated : 2022-10-21 07:02


NVD link : CVE-2022-42344

Mitre link : CVE-2022-42344

Products Affected
No products.
CWE