PT-2024-4168 · Adobe · Commerce

Published

2024-06-11

·

Updated

2024-07-09

·

CVE-2024-34106

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier
Description The issue is related to insufficient authentication procedures in Adobe Commerce, allowing a remote attacker to bypass existing security restrictions. This could result in unauthorized access or actions being performed with the privileges of another user. Exploitation does not require user interaction.
Recommendations For Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, update to a version that includes the fix for the authentication procedure vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-287

Related Identifiers

BDU:2024-04653
BIT-MAGENTO-2024-34106
CVE-2024-34106
GHSA-P6H9-GX5G-WG64

Affected Products

Commerce