Adobe Commerce Vulnerable to Improper Access Control
CVE-2024-34107

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 13 June 2024

Summary

Adobe Commerce versions 2.4.7 and earlier are impacted by an Improper Access Control vulnerability, which enables attackers to bypass established security features. This vulnerability permits unauthorized access to minor information without the need for user interaction, posing significant risks to the integrity and confidentiality of sensitive information within the affected products.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p8

References

https://helpx.adobe.com/security/products/magento/apsb24-...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Apr 30, 2024