CVE-2024-34104

CWE-2854 documents4 sources

Severity

8.2HIGH

EPSS

0.6%

top 30.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Community-edition Adobe Adobe Commerce Adobe Commerce Webhooks +2 more

Timeline

PublishedJun 13

Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2

Affected Packages5 packages

▶CVEListV5adobe/adobe_commerce2.4.4-p8

▶NVDadobe/commerce_webhooks1.2.0 — 1.4.0

▶NVDadobe/commerce8 versions+7

▶NVDadobe/magento4 versions+3

▶Packagistmagento/community-edition2.4.6-p1 — 2.4.6-p6+2

🔴Vulnerability Details

GHSA

Magento Open Source Improper Authorization vulnerability↗2024-06-13

▶

CVEList

Adobe Commerce | Improper Authorization (CWE-285)↗2024-06-13

▶

OSV

Magento Open Source Improper Authorization vulnerability↗2024-06-13

▶