Adobe Commerce vulnerabilities

179 known vulnerabilities affecting adobe/adobe_commerce.

Total CVEs

179

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL10HIGH72MEDIUM85LOW12

Vulnerabilities

Page 6 of 9

CVE-2024-39398HIGHCVSS 7.4≤ 2.4.4-p92024-08-14

CVE-2024-39398 [HIGH] CWE-307 CVE-2024-39398: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitat

cvelistv5nvd

CVE-2024-39401HIGHCVSS 8.4≤ 2.4.4-p92024-08-14

CVE-2024-39401 [HIGH] CWE-78 CVE-2024-39401: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.

cvelistv5nvd

CVE-2024-39402HIGHCVSS 8.4≤ 2.4.4-p92024-08-14

CVE-2024-39402 [HIGH] CWE-78 CVE-2024-39402: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.

cvelistv5nvd

CVE-2024-39399HIGHCVSS 7.7≤ 2.4.4-p92024-08-14

CVE-2024-39399 [HIGH] CWE-22 CVE-2024-39399: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the

cvelistv5nvd

CVE-2024-39411MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39411 [MEDIUM] CWE-285 CVE-2024-39411: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user int

cvelistv5nvd

CVE-2024-39413MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39413 [MEDIUM] CWE-285 CVE-2024-39413: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user int

cvelistv5nvd

CVE-2024-39406MEDIUMCVSS 6.8≤ 2.4.4-p92024-08-14

CVE-2024-39406 [MEDIUM] CWE-22 CVE-2024-39406: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to gain access to files and directories that are outside the restri

cvelistv5nvd

CVE-2024-39418MEDIUMCVSS 5.4≤ 2.4.4-p92024-08-14

CVE-2024-39418 [MEDIUM] CWE-285 CVE-2024-39418: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not re

cvelistv5nvd

CVE-2024-39404MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39404 [MEDIUM] CWE-285 CVE-2024-39404: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user inter

cvelistv5nvd

CVE-2024-39414MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39414 [MEDIUM] CWE-284 CVE-2024-39414: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user int

cvelistv5nvd

CVE-2024-39419MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39419 [MEDIUM] CWE-285 CVE-2024-39419: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user inter

cvelistv5nvd

CVE-2024-39412MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39412 [MEDIUM] CWE-285 CVE-2024-39412: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require us

cvelistv5nvd

CVE-2024-39409MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39409 [MEDIUM] CWE-352 CVE-2024-39409: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-S Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page

cvelistv5nvd

CVE-2024-39417MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39417 [MEDIUM] CWE-285 CVE-2024-39417: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user int

cvelistv5nvd

CVE-2024-39405MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39405 [MEDIUM] CWE-285 CVE-2024-39405: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user inter

cvelistv5nvd

CVE-2024-39408MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39408 [MEDIUM] CWE-352 CVE-2024-39408: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-S Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page

cvelistv5nvd

CVE-2024-39407MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39407 [MEDIUM] CWE-285 CVE-2024-39407: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user inter

cvelistv5nvd

CVE-2024-39416MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39416 [MEDIUM] CWE-285 CVE-2024-39416: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user int

cvelistv5nvd

CVE-2024-39410MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39410 [MEDIUM] CWE-352 CVE-2024-39410: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-S Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page

cvelistv5nvd

CVE-2024-39415MEDIUMCVSS 4.3≤ 2.4.4-p92024-08-14

CVE-2024-39415 [MEDIUM] CWE-285 CVE-2024-39415: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improp Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user int

cvelistv5nvd

← Previous6 / 9Next →