CVE-2024-34106

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.7%

top 29.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Community-edition Adobe Adobe Commerce Adobe Commerce Webhooks +2 more

Timeline

PublishedJun 13

Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5adobe/adobe_commerce2.4.4-p8

▶NVDadobe/commerce_webhooks1.2.0 — 1.4.0

▶NVDadobe/commerce8 versions+7

▶NVDadobe/magento4 versions+3

▶Packagistmagento/community-edition2.4.6-p1 — 2.4.6-p6+2

🔴Vulnerability Details

GHSA

Magento Open Source Incorrect Authorization vulnerability↗2024-06-13

▶

OSV

Magento Open Source Incorrect Authorization vulnerability↗2024-06-13

▶

CVEList

Insecure Direct Object Reference - An attacker can able to erase the victim quote details↗2024-06-13

▶