Description
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
Remediation
References