Adobe Commerce Webhooks vulnerabilities
10 known vulnerabilities affecting adobe/commerce_webhooks.
Total CVEs
10
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH6MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-34107CRITICALCVSS 9.8≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34107 [MEDIUM] CWE-284 CVE-2024-34107: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction
nvd
CVE-2024-34102CRITICALCVSS 9.8KEVPoC≥ 1.2.0, < 1.5.02024-06-13
CVE-2024-34102 [CRITICAL] CWE-611 CVE-2024-34102: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this i
nvd
CVE-2024-34111HIGHCVSS 8.8≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34111 [MEDIUM] CWE-918 CVE-2024-34111: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Sid
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not requ
nvd
CVE-2024-34108HIGHCVSS 7.2≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34108 [CRITICAL] CWE-20 CVE-2024-34108: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed.
nvd
CVE-2024-34109HIGHCVSS 7.2≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34109 [HIGH] CWE-20 CVE-2024-34109: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required.
nvd
CVE-2024-34104HIGHCVSS 8.2≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34104 [HIGH] CWE-285 CVE-2024-34104: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this
nvd
CVE-2024-34103HIGHCVSS 8.1≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34103 [HIGH] CWE-287 CVE-2024-34103: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction,
nvd
CVE-2024-34110HIGHCVSS 7.2≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34110 [HIGH] CWE-434 CVE-2024-34110: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestric
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of thi
nvd
CVE-2024-34106MEDIUMCVSS 5.3≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34106 [MEDIUM] CWE-863 CVE-2024-34106: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require u
nvd
CVE-2024-34105MEDIUMCVSS 4.8≥ 1.2.0, ≤ 1.4.02024-06-13
CVE-2024-34105 [MEDIUM] CWE-79 CVE-2024-34105: Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cro
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable f
nvd