Adobe Commerce Flaws Put Sensitive Data at Risk
CVE-2024-45117

7.6HIGH

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 10 October 2024

What is CVE-2024-45117?

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10 are susceptible to an Improper Input Validation vulnerability. This flaw enables an administrator with malicious intent to exploit the improperly validated input, allowing unauthorized access to read sensitive files outside the designated directories. The exploitation can occur via a PHP filter chain without the need for user interaction, potentially leading to low availability of the affected service as well. The impact of this vulnerability underscores the need for immediate attention and remediation among affected users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p10

References

https://helpx.adobe.com/security/products/magento/apsb24-...

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 10, 2024
Vulnerability Reserved
Aug 21, 2024

JSON

Adobe

What is CVE-2024-45117?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.