Brief Description:
A medium-severity business-logic issue was identified in the Commerce B2B application that allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before they reach the server.
Affected Versions:
All versions before 5.2.2408 (STS) and 5.2.2408 (LTS).
Solutions and Mitigations:
The application has been updated to prevent the purchase of discontinued products by validating product status prior to moving into the purchase workflow.
For Users that Cannot Upgrade:
If you are unable to upgrade, the following mitigations are suggested:
- Monitor submitted purchases for items that aren’t available. Triggering this behavior isn’t trivial, but it is possible.
- Consider removing discontinued products from the storefront.
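The fix described above (validating product status on the server before entering the purchase workflow) and the first mitigation (watching submitted purchases for unavailable items) are illustrated together below. This is an added example, not code from the Commerce B2B application or its vendor; the catalog contents, the `ProductStatus` values, the order request shape and the order ids are constructed assumptions. The vulnerable variant trusts an availability flag carried in the client request, which is exactly what an altered request can change; the hardened variant ignores that flag and re-checks every line item against the server-side catalog, and the flagging helper reviews already-submitted orders for deployments that cannot upgrade.

```python
"""Server-side product-status validation before the purchase workflow.

Added illustrative example, not the Commerce B2B application's own code.
The catalog, status names, request shape and order ids below are constructed.
"""
from enum import Enum


class ProductStatus(Enum):
    ACTIVE = "active"
    DISCONTINUED = "discontinued"


# Constructed stand-in for the server-side product repository.
CATALOG = {
    "SKU-100": ProductStatus.ACTIVE,
    "SKU-200": ProductStatus.DISCONTINUED,
}


class OrderRejected(Exception):
    """Raised when an order contains products that may not be purchased."""


def vulnerable_checkout(order_request: dict) -> list:
    """Flawed pattern: trusts the per-line 'available' flag sent by the client.

    Storefront code may have set this flag correctly, but nothing stops a
    request from being altered before it reaches the server.
    """
    return [line["sku"] for line in order_request["lines"] if line.get("available")]


def validate_order(order_request: dict) -> list:
    """Return a list of problems found by checking each line against the catalog.

    The client-supplied 'available' flag is deliberately ignored; only the
    server's own view of product status counts.
    """
    problems = []
    for line in order_request["lines"]:
        sku = line.get("sku")
        status = CATALOG.get(sku)
        if status is None:
            problems.append(f"{sku}: unknown product")
        elif status is not ProductStatus.ACTIVE:
            problems.append(f"{sku}: {status.value}")
    return problems


def hardened_checkout(order_request: dict) -> list:
    """Reject the whole order if any line fails validation; otherwise accept all lines."""
    problems = validate_order(order_request)
    if problems:
        raise OrderRejected("; ".join(problems))
    return [line["sku"] for line in order_request["lines"]]


def flag_unavailable_items(submitted_orders: list) -> dict:
    """Mitigation for deployments that cannot upgrade: review already-submitted
    orders and return {order_id: [offending skus]} for manual follow-up."""
    flagged = {}
    for order in submitted_orders:
        bad = [
            line["sku"]
            for line in order["lines"]
            if CATALOG.get(line["sku"]) is not ProductStatus.ACTIVE
        ]
        if bad:
            flagged[order["id"]] = bad
    return flagged


# Constructed tampered request: 'available' has been set to True on a
# discontinued SKU before the request reached the server.
TAMPERED_REQUEST = {
    "id": "order-1",
    "lines": [
        {"sku": "SKU-100", "qty": 1, "available": True},
        {"sku": "SKU-200", "qty": 1, "available": True},
    ],
}

CLEAN_REQUEST = {
    "id": "order-2",
    "lines": [{"sku": "SKU-100", "qty": 2, "available": True}],
}


if __name__ == "__main__":
    print("vulnerable accepted:", vulnerable_checkout(TAMPERED_REQUEST))
    try:
        hardened_checkout(TAMPERED_REQUEST)
    except OrderRejected as exc:
        print("hardened rejected:", exc)
    print("flagged orders:", flag_unavailable_items([TAMPERED_REQUEST, CLEAN_REQUEST]))
```

The key design choice is that `validate_order` never reads the client's `available` field: the server's catalog is the only source of truth for product status, and the check runs before the order enters the purchase workflow rather than after it. The flagging helper applies the same catalog check to orders that were already accepted, which is what the "monitor submitted purchases" mitigation amounts to in practice.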
CVSS and Severity:
CVSS 5.9, Medium
CVE ID:
CVE-2025-22384
Date Published:
Dec 13, 2024