CVSS Score of 10 (low)


Published Jun 15, 2023
Updated: Jun 22, 2023
CWE ID 918


CVE-2023-29291 is a Server-Side Request Forgery (SSRF) vulnerability affecting Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier, and 2.4.4-p3 and earlier. This vulnerability allows an attacker with admin privileges to inject arbitrary URLs and make the application perform unauthorized requests, potentially leading to arbitrary file system read access. The exploitation of this vulnerability does not require user interaction. The affected products include Adobe Commerce as well as several other related products. It is recommended to apply the necessary patches or updates provided by Adobe to remediate this vulnerability as it poses a medium risk with high confidentiality impact to organizations utilizing the affected software versions.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-29291 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options