CVE-2024-45118: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a…

medium6.5CVSS 3.1

AVNACLPRLUINSUCNIHAN

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
adobe	adobe_commerce	<= 2.4.4-p10	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
magento	community-edition	>= 0 < 2.4.4-p11	2.4.4-p11
magento	community-edition	>= 2.4.5-p1 < 2.4.5-p10	2.4.5-p10
magento	community-edition	>= 2.4.6-p1 < 2.4.6-p8	2.4.6-p8
magento	community-edition	>= 2.4.7-beta1 < 2.4.7-p3	2.4.7-p3