PT-2024-6965 · Adobe · Commerce

Published: 2024-10-08 · Updated: 2024-12-12 · CVE-2024-45120

CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.7-p2 through 2.4.4-p10 and earlier

Description

The issue is related to a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction. The vulnerability is associated with synchronization errors when using a shared resource.

Recommendations

For Adobe Commerce versions 2.4.7-p2 through 2.4.4-p10 and earlier, update to a version that contains a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing additional security measures to minimize the risk of exploitation, such as restricting access to shared resources and monitoring user interactions.

Weakness Enumeration

Time Of Check To Time Of Use

Related Identifiers

BDU:2024-08214
CVE-2024-45120
GHSA-47JP-46C9-25VF

Affected Products

Commerce