Vulnerability-Lookup

CVE-2024-34104 (GCVE-0-2024-34104)

Vulnerability from cvelistv5 – Published: 2024-06-13 09:04 – Updated: 2024-09-17 11:08

Title

Adobe Commerce | Improper Authorization (CWE-285)

Summary

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-285 - Improper Authorization (CWE-285)

Assigner

adobe

References

URL

Tags

https://helpx.adobe.com/security/products/magento…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Affected: 0 , ≤ 2.4.4-p8 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "2.4.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.6-p5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.5-p7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.4-p8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.3-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.2-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.1-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.4.0-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "2.3.7-p4-ext-7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T13:48:20.835460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T13:48:49.391Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:43:00.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "LOW",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization (CWE-285)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T11:08:38.931Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Authorization (CWE-285)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-34104",
    "datePublished": "2024-06-13T09:04:56.852Z",
    "dateReserved": "2024-04-30T19:50:50.901Z",
    "dateUpdated": "2024-09-17T11:08:38.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://helpx.adobe.com/security/products/magento/apsb24-40.html\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:43:00.447Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34104\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-14T13:48:20.835460Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*\"], \"vendor\": \"adobe\", \"product\": \"commerce\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.4.7\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.4.6-p5\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.4.5-p7\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.4.4-p8\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.4.3-ext-7\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.4.2-ext-7\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.4.1-ext-7\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.4.0-ext-7\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.3.7-p4-ext-7\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-13T15:27:31.193Z\"}}], \"cna\": {\"title\": \"Adobe Commerce | Improper Authorization (CWE-285)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"modifiedScope\": \"UNCHANGED\", \"temporalScore\": 8.2, \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"NOT_DEFINED\", \"reportConfidence\": \"NOT_DEFINED\", \"temporalSeverity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"environmentalScore\": 8.2, \"privilegesRequired\": \"NONE\", \"exploitCodeMaturity\": \"NOT_DEFINED\", \"integrityRequirement\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NETWORK\", \"confidentialityImpact\": \"HIGH\", \"environmentalSeverity\": \"HIGH\", \"availabilityRequirement\": \"NOT_DEFINED\", \"modifiedIntegrityImpact\": \"LOW\", \"modifiedUserInteraction\": \"NONE\", \"modifiedAttackComplexity\": \"LOW\", \"confidentialityRequirement\": \"NOT_DEFINED\", \"modifiedAvailabilityImpact\": \"NONE\", \"modifiedPrivilegesRequired\": \"NONE\", \"modifiedConfidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Adobe\", \"product\": \"Adobe Commerce\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.4.4-p8\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2024-06-11T17:00:00.000Z\", \"references\": [{\"url\": \"https://helpx.adobe.com/security/products/magento/apsb24-40.html\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-285\", \"description\": \"Improper Authorization (CWE-285)\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2024-09-17T11:08:38.931Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-34104\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-17T11:08:38.931Z\", \"dateReserved\": \"2024-04-30T19:50:50.901Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2024-06-13T09:04:56.852Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-34104

Vulnerability from fkie_nvd - Published: 2024-06-13 09:15 - Updated: 2024-11-21 09:18

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

References

	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-40.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.3.7
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.0
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.1
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.2
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.3
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce_webhooks	*
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.4
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "4346BF61-743B-4BBE-AC90-9954FEE6E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9F471E19-8AFE-4A6C-88EA-DF94428518F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "27E5B990-1E1C-46AC-815F-AF737D211C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "8D1598F4-AA41-4F94-A986-E603DC42AC8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "3A3535F6-227F-4DD2-881F-9ADAB68373CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*",
              "matchCriteriaId": "428B889D-3BAF-46A2-913A-E0022217F804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*",
              "matchCriteriaId": "2A0A7F6F-6218-4714-A7C7-79580FBA8FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*",
              "matchCriteriaId": "304A7DB2-0174-42A2-A357-944634C2ADFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*",
              "matchCriteriaId": "C5954698-9CA1-4463-833C-E7DB447AC80A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "D845F99F-2958-4118-B27E-6D84602B7FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "61266FCB-916E-4B72-A5CE-8E9D3D817996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "4B4BB14A-5BBE-4FF3-B956-306D721D99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8D33D70D-84E7-46D9-A50B-857DF71B43C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "6291AFE6-3F06-4796-B6B8-761D995F1F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "33BE2A5D-A4B1-4863-A1D9-29F08CA8CCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "F1BCDF10-D4D2-4FB5-8A6A-960730C17911",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "F747F9C6-BD3F-4DFC-BC91-6361F66E50D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "8249B061-BD24-4A05-A08B-8CE776C23F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "40315EF0-0EAF-465B-BC82-57B74C23ED98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "62BF6A4C-BC58-40A2-AE21-B4F309562661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "1D0E8BC4-17BD-4F42-A849-2CC439CF82D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E9E12EC1-36A9-42F5-9EE6-88FAA6FD52F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "F2B3EF0E-31B4-4508-AC48-D89CB4460D89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "B0B4ABDB-1C22-4B26-BA4D-DA73ED1F50D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "7B503C35-8C90-4A24-8E60-722CDBBF556B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*",
              "matchCriteriaId": "FC5B997C-8DB4-4FDF-96F6-6DCF23970705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*",
              "matchCriteriaId": "E8B1341E-A0C9-42EB-8BAE-E23D88BC3CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*",
              "matchCriteriaId": "14CEAFB8-0812-4F19-8E83-93A61A23594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*",
              "matchCriteriaId": "25A9AC2F-7AAC-41FF-8D93-3A5CBE24BED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FC038A-FDAE-4A80-B3A2-BE38F53841B6",
              "versionEndIncluding": "1.4.0",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de autorizaci\u00f3n incorrecta que podr\u00eda provocar la omisi\u00f3n de una funci\u00f3n de seguridad. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir las medidas de seguridad y obtener acceso no autorizado, lo que tendr\u00eda un impacto tanto en la confidencialidad como en la integridad. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario."
    }
  ],
  "id": "CVE-2024-34104",
  "lastModified": "2024-11-21T09:18:06.377",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-06-13T09:15:11.017",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    }
  ]
}

GHSA-WWJ3-573J-RVVM

Vulnerability from github – Published: 2024-06-13 09:31 – Updated: 2024-08-07 17:43

Summary

Magento Open Source Improper Authorization vulnerability

Details

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.7"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.6"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.5"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.4"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.6-p1"
            },
            {
              "fixed": "2.4.6-p6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.5-p1"
            },
            {
              "fixed": "2.4.5-p8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4-p9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-34104"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-07T17:43:35Z",
    "nvd_published_at": "2024-06-13T09:15:11Z",
    "severity": "HIGH"
  },
  "details": "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.",
  "id": "GHSA-wwj3-573j-rvvm",
  "modified": "2024-08-07T17:43:35Z",
  "published": "2024-06-13T09:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34104"
    },
    {
      "type": "WEB",
      "url": "https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799"
    },
    {
      "type": "WEB",
      "url": "https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-40.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Magento Open Source Improper Authorization vulnerability"
}

CERTFR-2024-AVI-0483

Vulnerability from certfr_avis - Published: 2024-06-12 - Updated: 2024-06-12

De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Adobe	Magento	Magento Open Source versions 2.4.5-px antérieures à 2.4.5-p8
Adobe	Commerce	Commerce versions 2.3.7-px-ext-x antérieures à 2.3.7-p4-ext-8
Adobe	Commerce	Commerce versions 2.4.5-px antérieures à 2.4.5-p8
Adobe	ColdFusion	ColdFusion 2023 sans le correctif de sécurité Update 8
Adobe	Commerce	Commerce versions 2.4.0-ext-x antérieures à 2.4.0-ext-8
Adobe	Magento	Magento Open Source versions 2.4.7-px antérieures à 2.4.7-p1
Adobe	Magento	Magento Open Source versions 2.4.6-px antérieures à 2.4.6-p6
Adobe	Commerce	Commerce Webhooks Plugin versions 1.2.0 à 1.4.0 antérieures à 1.5.0
Adobe	ColdFusion	ColdFusion 2021 sans le correctif de sécurité Update 14
Adobe	Commerce	Commerce versions 2.4.2-ext-x antérieures à 2.4.2-ext-8
Adobe	Commerce	Commerce versions 2.4.3-ext-x antérieures à 2.4.3-ext-8
Adobe	Magento	Magento Open Source versions 2.4.4-px antérieures à 2.4.4-p9
Adobe	Commerce	Commerce versions 2.4.7-px antérieures à 2.4.7-p1
Adobe	Commerce	Commerce versions 2.4.1-ext-x antérieures à 2.4.1-ext-8
Adobe	Commerce	Commerce versions 2.4.4-px antérieures à 2.4.4-p9
Adobe	Commerce	Commerce versions 2.4.6-px antérieures à 2.4.6-p6
Adobe	Acrobat	Acrobat Android versions antérieures à 24.5.0.33694

References

Title

Publication Time

CNVD-2024-28954

Vulnerability from cnvd - Published: 2024-06-26

Title

Adobe Commerce授权问题漏洞（CNVD-2024-28954）

Description

Adobe Commerce是美国奥多比（Adobe）公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce存在授权问题漏洞，攻击者可利用该漏洞绕过安全措施并获取未经授权的访问。

Severity

高

Patch Name

Adobe Commerce授权问题漏洞（CNVD-2024-28954）的补丁

Patch Description

Adobe Commerce是美国奥多比（Adobe）公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce存在授权问题漏洞，攻击者可利用该漏洞绕过安全措施并获取未经授权的访问。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/magento/apsb24-40.html

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/294629

Impacted products

Name
['Adobe Adobe Commerce <=2.4.7', 'Adobe Adobe Commerce <=2.4.6-p5', 'Adobe Adobe Commerce <=2.4.5-p7', 'Adobe Adobe Commerce <=2.4.4-p8', 'Adobe Adobe Commerce <=2.4.3-ext-7', 'Adobe Adobe Commerce <=2.4.2-ext-7', 'Adobe Adobe Commerce <=2.4.1-ext-7', 'Adobe Adobe Commerce <=2.4.0-ext-7', 'Adobe Adobe Commerce <=2.3.7-p4-ext-7', 'Adobe Magento Open Source <=2.4.7', 'Adobe Magento Open Source <=2.4.6-p5', 'Adobe Magento Open Source <=2.4.5-p7', 'Adobe Magento Open Source <=2.4.4-p8', 'Adobe Adobe Commerce Webhooks Plugin >=1.2.0，<=1.4.0']

Name

['Adobe Adobe Commerce <=2.4.7', 'Adobe Adobe Commerce <=2.4.6-p5', 'Adobe Adobe Commerce <=2.4.5-p7', 'Adobe Adobe Commerce <=2.4.4-p8', 'Adobe Adobe Commerce <=2.4.3-ext-7', 'Adobe Adobe Commerce <=2.4.2-ext-7', 'Adobe Adobe Commerce <=2.4.1-ext-7', 'Adobe Adobe Commerce <=2.4.0-ext-7', 'Adobe Adobe Commerce <=2.3.7-p4-ext-7', 'Adobe Magento Open Source <=2.4.7', 'Adobe Magento Open Source <=2.4.6-p5', 'Adobe Magento Open Source <=2.4.5-p7', 'Adobe Magento Open Source <=2.4.4-p8', 'Adobe Adobe Commerce Webhooks Plugin >=1.2.0，<=1.4.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-34104"
    }
  },
  "description": "Adobe Commerce\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9762\u5411\u5546\u5bb6\u548c\u54c1\u724c\u7684\u5168\u7403\u9886\u5148\u7684\u6570\u5b57\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002 \n\nAdobe Commerce\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u63aa\u65bd\u5e76\u83b7\u53d6\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/magento/apsb24-40.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-28954",
  "openTime": "2024-06-26",
  "patchDescription": "Adobe Commerce\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9762\u5411\u5546\u5bb6\u548c\u54c1\u724c\u7684\u5168\u7403\u9886\u5148\u7684\u6570\u5b57\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002 \r\n\r\nAdobe Commerce\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u63aa\u65bd\u5e76\u83b7\u53d6\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Commerce\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2024-28954\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Adobe Commerce \u003c=2.4.7",
      "Adobe Adobe Commerce \u003c=2.4.6-p5",
      "Adobe Adobe Commerce \u003c=2.4.5-p7",
      "Adobe Adobe Commerce \u003c=2.4.4-p8",
      "Adobe Adobe Commerce \u003c=2.4.3-ext-7",
      "Adobe Adobe Commerce \u003c=2.4.2-ext-7",
      "Adobe Adobe Commerce \u003c=2.4.1-ext-7",
      "Adobe Adobe Commerce \u003c=2.4.0-ext-7",
      "Adobe Adobe Commerce \u003c=2.3.7-p4-ext-7",
      "Adobe Magento Open Source \u003c=2.4.7",
      "Adobe Magento Open Source \u003c=2.4.6-p5",
      "Adobe Magento Open Source \u003c=2.4.5-p7",
      "Adobe Magento Open Source \u003c=2.4.4-p8",
      "Adobe Adobe Commerce Webhooks Plugin \u003e=1.2.0\uff0c\u003c=1.4.0"
    ]
  },
  "referenceLink": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294629",
  "serverity": "\u9ad8",
  "submitTime": "2024-06-14",
  "title": "Adobe Commerce\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2024-28954\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-34104 (GCVE-0-2024-34104)

FKIE_CVE-2024-34104

GHSA-WWJ3-573J-RVVM

CERTFR-2024-AVI-0483

Solutions

CNVD-2024-28954

Tags

Sightings

Nomenclature