Description
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
Remediation
References
Related Vulnerabilities
e107 Credentials Management Errors Vulnerability (CVE-2013-7305)
WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)
WordPress Plugin Coming Soon & Maintenance Mode Page Unspecified Vulnerability (1.40)
Oracle Database Server CVE-2012-0520 Vulnerability (CVE-2012-0520)