APSB24-61 : Security update available for Adobe Commerce

2024-08-1300:00:00

helpx.adobe.com

adobe

commerce

magento

security

update

vulnerabilities

code execution

file system read

security feature bypass

privilege escalation

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.049

Percentile

92.9%

JSON

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, security feature bypass and privilege escalation.

Affected configurations

Vulners

Node

adobeadobe_commerceRange≤2.4.7-p1

adobeadobe_commerceRange≤2.4.6-p6

adobeadobe_commerceRange≤2.4.5-p8

adobeadobe_commerceRange≤2.4.4-p9

adobemagentoRange≤2.4.7-p1open_source

adobemagentoRange≤2.4.6-p6open_source

adobemagentoRange≤2.4.5-p8open_source

adobemagentoRange≤2.4.4-p9open_source

VendorProductVersionCPE
adobeadobe_commerce*cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*
adobemagento*cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*