CVE-2024-39322

Name of the Vulnerable Software and Affected Versions aimeos/ai-admin-jsonadm versions prior to 2020.10.13 aimeos/ai-admin-jsonadm versions prior to 2021.10.6 aimeos/ai-admin-jsonadm versions prior to 2022.10.3 aimeos/ai-admin-jsonadm versions prior to 2023.10.4 aimeos/ai-admin-jsonadm versions prior to 2024.4.2

Description The issue is related to improper access control in the Aimeos e-commerce JSON API for administrative tasks. This allows editors to remove admin group and locale configuration in the Aimeos backend.

Recommendations For versions prior to 2020.10.13, update to version 2020.10.13 or later. For versions prior to 2021.10.6, update to version 2021.10.6 or later. For versions prior to 2022.10.3, update to version 2022.10.3 or later. For versions prior to 2023.10.4, update to version 2023.10.4 or later. For versions prior to 2024.4.2, update to version 2024.4.2 or later.