Adobe Commerce Flaws Put Sensitive Data at Risk
CVE-2024-45117

7.6HIGH

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 10 October 2024

Summary

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 are susceptible to an Improper Input Validation vulnerability. This flaw enables an administrator with malicious intent to exploit the improperly validated input, allowing unauthorized access to read sensitive files outside the designated directories. The exploitation can occur via a PHP filter chain without the need for user interaction, potentially leading to low availability of the affected service as well. The impact of this vulnerability underscores the need for immediate attention and remediation among affected users.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p10

References

https://helpx.adobe.com/security/products/magento/apsb24-...

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 10, 2024
Vulnerability Reserved
Aug 21, 2024

Collectors

NVD DatabaseMitre Database