CVE-2024-45115Improper Authentication in Adobe Commerce

CWE-287Improper Authentication3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 26.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe CommerceAdobe CommerceAdobe Commerce B2B+1 more
Timeline
PublishedOct 10

Description

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5adobe/adobe_commerce2.4.4-p10
NVDadobe/commerce9 versions+8
NVDadobe/commerce_b2b4 versions+3
NVDadobe/magento5 versions+4

🔴Vulnerability Details

2
CVEList
Adobe Commerce | Improper Authentication (CWE-287)2024-10-10
GHSA
GHSA-5qwh-5j36-wh9w: Adobe Commerce versions 22024-10-10
CVE-2024-45115 — Improper Authentication in Adobe | cvebase