SSRF Vulnerability in Adobe Commerce Affecting Earlier Versions
CVE-2024-49521

7.7HIGH

Key Information:

Vendor: Adobe
Status: Commerce; Magento
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability exists in Adobe Commerce versions 3.2.5 and earlier, characterized as a Server-Side Request Forgery (SSRF). This flaw permits low privileged attackers to send crafted requests from the compromised server to internal systems. This capability can allow them to circumvent established security protocols, such as firewalls, revealing potential exposure of sensitive resources. Notably, exploitation of this vulnerability does not require any user interaction, making the risk particularly concerning.

References

https://helpx.adobe.com/security/products/magento/apsb24-...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 12, 2024