CVE-2025-22385 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confi…
Medium CVSS: 5.9

CVE-2025-22385

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.
Vendor
Optimizely
Product
Configured Commerce
CWE
CWE-862
Yayın Tarihi
2025-01-04 02:15:07
Güncelleme
2025-05-20 20:12:36
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-862 Configured Commerce MEDIUM Optimizely 2025

Referanslar

https://support.optimizely.com/hc/en-us/articles/32695419706637-Configured-Commerce-Security-Advisory-COM-2024-05