CVE-2023-38207

{"id": "CVE-2023-38207", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-08-09T08:15:09.443", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb23-42.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-91"}]}], "descriptions": [{"lang": "en", "value": "Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction."}, {"lang": "es", "value": "Las versiones 2.4.6-p1 (y anteriores), 2.4.5-p3 (y anteriores) y 2.4.4-p4 (y anteriores) de Adobe Commerce est\u00e1n afectadas por una vulnerabilidad de inyecci\u00f3n XML (tambi\u00e9n conocida como Blind XPath Injection) que podr\u00eda provocar una lectura menor del sistema de archivos arbitrario. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."}], "lastModified": "2023-09-14T13:15:08.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76AAB57F-7723-44E0-B91A-9F120C849AC4", "versionEndExcluding": "2.4.4"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798"}, {"criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}