Optimizely Configured Commerce Business Logic Vulnerability Allowing Purchase of Discontinued Products
Vulnerability
A medium-severity business logic vulnerability has been identified in Optimizely Configured Commerce versions prior to 5.2.2408. This issue exists within the Commerce B2B application and allows storefront visitors to purchase discontinued products under certain conditions where requests are modified before reaching the server.
Impact
Exploitation of this vulnerability could lead to unauthorized purchases of discontinued products.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
