CVE-2024-45128: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a…

medium5.4CVSS 3.1

AVNACLPRLUINSUCNILAL

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
adobe	adobe_commerce	<= 2.4.4-p10	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
magento	community-edition	>= 0 < 2.4.4-p11	2.4.4-p11
magento	community-edition	>= 2.4.5-p1 < 2.4.5-p10	2.4.5-p10
magento	community-edition	>= 2.4.6-p1 < 2.4.6-p8	2.4.6-p8
magento	community-edition	>= 2.4.7-beta1 < 2.4.7-p3	2.4.7-p3