Adobe Commerce Vulnerable to Incorrect Authorization Bypass

CVE-2024-34106

5.3MEDIUM

Key Information

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 13 June 2024

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.

Affected Version(s)

Adobe Commerce <= 2.4.4-p8

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 13, 2024
Vulnerability Reserved.
Apr 30, 2024

Collectors

NVD DatabaseMitre Database