CVE-2024-34107

Опубликовано: 13 июн. 2024

Источник: nvd

CVSS3: 5.3

CVSS3: 9.8

EPSS Низкий

Описание

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.

Ссылки

https://helpx.adobe.com/security/products/magento/apsb24-40.html
Vendor Advisory
https://helpx.adobe.com/security/products/magento/apsb24-40.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*

Версия от 1.2.0 (включая) до 1.4.0 (включая)

cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*

EPSS

Процентиль: 60%

0.00396

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-r7cm-g469-wm4g

CVSS3: 5.3

github

больше 1 года назад

Magento Open Source Improper Access Control vulnerability

BDU:2024-04621

CVSS3: 5.3

fstec

больше 1 года назад

Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source, Adobe Commerce и плагина Adobe Commerce Webhooks, связанная с недостатками контроля доступа, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 60%

0.00396

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-284