CVE-2024-39414

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier

Description The issue is related to an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. The vulnerability is also associated with insufficient access control, which could allow a remote attacker to elevate their privileges.

Recommendations For Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9, update to a version that fixes the Improper Authorization vulnerability. For Adobe Commerce versions earlier than 2.4.4-p9, update to a version that fixes the Improper Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.