CVE-2022-35689— Adobe Commerce 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2022-35689の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Adobe Commerce Improper Access Control Security feature bypass
ソース: NVD (National Vulnerability Database)
脆弱性説明
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
访问控制不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Adobe Commerce 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Adobe Commerce是美国奥多比(Adobe)公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce 2.4.4-p1及之前版本和2.4.5及之前版本存在安全漏洞,该漏洞源于受不当访问控制漏洞的影响,可能导致绕过安全功能。攻击者可以利用此漏洞影响用户次要功能的可用性。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Adobe | Magento Commerce | unspecified ~ 2.4.5 | - |
II. CVE-2022-35689の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2022-35689のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Adobe · 2022-10-14 · 30 CVEs total
| CVE-2022-35698 | 10.0 CRITICAL | Adobe Commerce Stored XSS Arbitrary code execution |
| CVE-2022-38418 | 9.8 CRITICAL | Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerabilit |
| CVE-2022-35710 | 9.8 CRITICAL | Adobe ColdFusion ODBC Server Stack-based Buffer Overflow Remote Code Execution Vulnerabili |
| CVE-2022-35712 | 9.8 CRITICAL | Adobe ColdFusion ODBC Agent Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-35711 | 9.8 CRITICAL | Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerabilit |
| CVE-2022-35690 | 9.8 CRITICAL | Adobe ColdFusion ODBC Agent Stack-based Buffer Overflow Remote Code Execution Vulnerabilit |
| CVE-2022-42339 | 7.8 HIGH | Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution |
| CVE-2022-38444 | 7.8 HIGH | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38450 | 7.8 HIGH | Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution Vulnerability |
| CVE-2022-38448 | 7.8 HIGH | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38442 | 7.8 HIGH | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38447 | 7.8 HIGH | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38445 | 7.8 HIGH | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38446 | 7.8 HIGH | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38441 | 7.8 HIGH | Adobe Dimension GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38440 | 7.8 HIGH | Adobe Dimension SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38419 | 7.5 HIGH | Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read |
| CVE-2022-38420 | 7.5 HIGH | Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service |
| CVE-2022-38422 | 7.5 HIGH | Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerabili |
| CVE-2022-42341 | 7.5 HIGH | Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file syst |
Showing 20 of 30 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Magento Commerce
- CVE-2023-38208
Validate Your Inputs | Improper Neutralization of Special El - CVE-2023-38209
Adobe Commerce Incorrect Authorization Security feature bypa - CVE-2023-29292
Server Side Request Forgery (SSRF) in FedEx carrier integrat - CVE-2023-29296
[Cloud] Customer suspects IDOR vulnerability - CVE-2023-29294
Bypass Purchase Order Approval using Company User in Adobe C
同じベンダー: Adobe
- CVE-2026-34632
Photoshop Installer | CWE-427: Uncontrolled Search Path Elem - CVE-2026-27297
Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (C - CVE-2026-27300
Adobe Framemaker | Access of Uninitialized Pointer (CWE-824) - CVE-2026-27296
Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (C - CVE-2026-27290
Adobe Framemaker | Untrusted Search Path (CWE-426)
同じ弱点: CWE-284
- CVE-2026-8233
Dotouch XproUPF access control - CVE-2026-42569
phpvms: /importer authorization bypass causing full database - CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets
V. CVE-2022-35689へのコメント
まだコメントはありません