CVE-2024-39415

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier Magento Open Source (affected versions not specified)

Description The issue is related to insufficient authorization procedures in the affected software, allowing a remote attacker to bypass security restrictions and disclose protected information. A low-privileged attacker can leverage this issue to bypass security measures and disclose minor information without requiring user interaction.

Recommendations For Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier, update to a version that addresses the improper authorization vulnerability. For Magento Open Source, at the moment, there is no information about a newer version that contains a fix for this vulnerability.