Vulnerability Description
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Commerce | < 2.3.0 |
| Adobe | Magento | < 2.3.0 |
Related Weaknesses (CWE)
References
- https://helpx.adobe.com/security/products/magento/apsb22-12.htmlPatchRelease NotesVendor Advisory
- https://helpx.adobe.com/security/products/magento/apsb22-12.htmlPatchRelease NotesVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2022-24086?
CVE-2022-24086 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not re...
How severe is CVE-2022-24086?
CVE-2022-24086 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-24086?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Commerce, Adobe Magento.