CVE-2024-34103

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.1HIGH

EPSS

1.8%

top 17.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Community-edition Adobe Adobe Commerce Adobe Commerce Webhooks +2 more

Timeline

PublishedJun 13

Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5adobe/adobe_commerce2.4.4-p8

▶NVDadobe/commerce_webhooks1.2.0 — 1.4.0

▶NVDadobe/commerce8 versions+7

▶NVDadobe/magento4 versions+3

▶Packagistmagento/community-edition2.4.6-p1 — 2.4.6-p6+2

🔴Vulnerability Details

CVEList

Customer account takeover via web API call & subsequent password reset↗2024-06-13

▶

GHSA

Magento Open Source Improper Authentication vulnerability↗2024-06-13

▶

OSV

Magento Open Source Improper Authentication vulnerability↗2024-06-13

▶