PT-2024-6004 · Adobe · Magento Open Source+1
Published 2024-08-13 · Updated 2024-10-16
CVE-2024-39412
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier
Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier
Description
The issue is related to insufficient authorization procedures in the affected software, allowing a remote attacker to bypass security restrictions. A low-privileged attacker could leverage this issue to bypass security measures, perform minor integrity changes, or disclose minor information. Exploitation of this issue does not require user interaction.
Recommendations
For Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier, update to a version that includes the fix for this issue.
For Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to sensitive features and data to minimize the risk of exploitation.
Fix
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Commerce
Magento Open Source