Adobe Commerce Path Traversal Vulnerability Impacts Multiple Releases

CVE-2024-39406

7.7HIGH

Key Information

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 14 August 2024

Summary

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.

Affected Version(s)

Adobe Commerce <= 2.4.4-p9

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 14, 2024
Vulnerability Reserved.
Jun 24, 2024

Collectors

NVD DatabaseMitre Database