CVE-2024-34108

CWE-20Improper Input Validation3 documents3 sources
Severity
7.2HIGH
EPSS
4.3%
top 11.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe Adobe CommerceAdobe Commerce WebhooksAdobe Commerce+1 more
Timeline
PublishedJun 13

Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages4 packages

CVEListV5adobe/adobe_commerce2.4.4-p8
NVDadobe/commerce_webhooks1.2.01.4.0
NVDadobe/commerce8 versions+7
NVDadobe/magento4 versions+3

🔴Vulnerability Details

2
CVEList
Large attack surface through legit webhook usage in Adobe Commerce2024-06-13
GHSA
GHSA-x9g5-mhfw-m5p8: Adobe Commerce versions 22024-06-13
CVE-2024-34108 (HIGH CVSS 7.2) | Adobe Commerce versions 2.4.7 | cvebase.io