### Critical Vulnerability Information

#### Vulnerability Overview

- **Announcement ID**: APSB23-50
- **Release Date**: June 13, 2023
- **Priority**: 1

Adobe has released security updates for Adobe Commerce and Magento Open Source, addressing multiple critical and important vulnerabilities. Successful exploitation of these vulnerabilities could lead to security feature bypass, privilege escalation, and arbitrary code execution.

#### Affected Versions

| Product | Version | Platform |
| --- | --- | --- |
| Adobe Commerce | 2.4.6, 2.4.7-patch1, 2.4.7-patch2, 2.4.5-p2 and earlier, 2.4.6-p1 and earlier | All |
| Adobe Commerce B2B | 1.5.5 and earlier, 1.4.2 and earlier, 1.3.4-p1 and earlier, 1.3.4-p2 and earlier, 1.3.5-p3 and earlier | All |
| Magento Open Source | 2.4.6, 2.4.6-p1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p2 and earlier | All |

#### Solution

Adobe recommends users update to the latest versions to resolve these vulnerabilities.

#### Vulnerability Details

| Vulnerability Category | Impact | Severity | Authentication Required | Admin Privileges Required | CVSS Base Score |
| --- | --- | --- | --- | --- | --- |
| Arbitrary Code Execution (CVE-2023-40798) | Arbitrary Code Execution | Critical | No | Yes | 9.1 |
| Security Feature Bypass (CVE-2023-40797) | Security Feature Bypass | Critical | No | No | 8.2 |
| Privilege Escalation (CVE-2023-40796) | Privilege Escalation | Important | Yes | No | 5.5 |
| Privilege Escalation (CVE-2023-40795) | Privilege Escalation | Important | No | No | 5.5 |

#### Notes

- Authentication Requirements: Some vulnerabilities require authentication to be exploited.
- Infrastructure: Certain vulnerabilities can only be exploited by attackers with administrative privileges.

This summary outlines the key details of the vulnerabilities, including affected product versions, severity levels, potential impacts, and how to resolve them through updates.