CVE-2023-22250: 
PHP vulnerability analysis and mitigation

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability identified as CVE-2023-22250. The vulnerability was discovered and assigned on December 19, 2022, and publicly disclosed on March 14, 2023. This security issue affects both Adobe Commerce and Magento Open Source platforms (CVE Details, Adobe Advisory).

The vulnerability is classified as an Improper Access Control issue (CWE-284) that could lead to a security feature bypass. The severity of this vulnerability has been assessed with a CVSS v3.1 Base Score of 5.3 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The vulnerability can be exploited remotely and requires no user interaction (NVD).

When exploited, this vulnerability could impact the availability of a user's minor feature. The attack vector is network-accessible and does not require user interaction for successful exploitation (NVD).

Adobe has addressed this vulnerability through security updates. Users should upgrade to versions newer than Adobe Commerce 2.4.4-p2 or 2.4.5-p1 to mitigate this security issue (Adobe Advisory).