CVE-2024-49521

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 3.2.5 and earlier

Description The issue is related to a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction. The vulnerability is associated with insufficient server-side request validation.

Recommendations For Adobe Commerce versions 3.2.5 and earlier, update to a version that includes the fix for this SSRF vulnerability. As a temporary workaround, consider restricting access to internal systems to minimize the risk of exploitation. Avoid using the vulnerable server to send requests to internal systems until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.