CVE-2024-34104

Опубликовано: 13 июн. 2024

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.

Ссылки

https://helpx.adobe.com/security/products/magento/apsb24-40.html
Vendor Advisory
https://helpx.adobe.com/security/products/magento/apsb24-40.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*

Версия от 1.2.0 (включая) до 1.4.0 (включая)

cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*

EPSS

Процентиль: 56%

0.00335

Низкий

8.2 High

CVSS3

Дефекты

CWE-285

Связанные уязвимости

GHSA-wwj3-573j-rvvm

CVSS3: 8.2

github

больше 1 года назад

Magento Open Source Improper Authorization vulnerability

BDU:2024-04665

CVSS3: 8.2

fstec

больше 1 года назад

Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source, Adobe Commerce и плагина Adobe Commerce Webhooks, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 56%

0.00335

Низкий

8.2 High

CVSS3

Дефекты

CWE-285