CVE-2024-45134

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier

Description The issue is related to an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality, which may aid in further attacks. Exploitation of this issue does not require user interaction. The vulnerability is associated with the disclosure of information and could allow a remote attacker to bypass security features and gain unauthorized access to protected information.

Recommendations For Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, update to a version that contains a fix for this vulnerability. For Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, update to a version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to sensitive information and security features to minimize the risk of exploitation.