CVE-2024-20718

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.

Recommendations For Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.