CVE-2024-34102

🗓️ 13 Jun 2024 09:04:56Reported by adobeType

cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 344 Views

Adobe Commerce XXE vulnerability in versions 2.4.7 and earlie

Reporter	Title	Published	Views	Family All 56
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce	13 Aug 202407:33	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce	30 Jun 202416:49	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce	19 Aug 202419:25	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce	27 Jun 202421:57	–	githubexploit
GithubExploit	Exploit for Code Injection in Geoserver	5 Jul 202415:24	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce	28 Jun 202412:45	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce	28 Jun 202414:50	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce	1 Jul 202408:19	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce	13 Aug 202407:33	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Aviatrix Controller	12 Jan 202511:20	–	githubexploit

NVD

Vulners

Vulnrichment

Node

adobe commerceMatch2.4.2-

adobe commerceMatch2.4.2ext-1

adobe commerceMatch2.4.2ext-2

adobe commerceMatch2.4.2ext-3

adobe commerceMatch2.4.2ext-4

adobe commerceMatch2.4.2ext-7

adobe commerceMatch2.4.3-

adobe commerceMatch2.4.3ext-1

adobe commerceMatch2.4.3ext-2

adobe commerceMatch2.4.3ext-3

adobe commerceMatch2.4.3ext-4

adobe commerceMatch2.4.3ext-7

adobe commerceMatch2.4.4-

adobe commerceMatch2.4.4p1

adobe commerceMatch2.4.4p2

adobe commerceMatch2.4.4p3

adobe commerceMatch2.4.4p4

adobe commerceMatch2.4.4p5

adobe commerceMatch2.4.4p6

adobe commerceMatch2.4.4p8

adobe commerceMatch2.4.5-

adobe commerceMatch2.4.5p1

adobe commerceMatch2.4.5p2

adobe commerceMatch2.4.5p3

adobe commerceMatch2.4.5p4

adobe commerceMatch2.4.5p5

adobe commerceMatch2.4.5p7

adobe commerceMatch2.4.6-

adobe commerceMatch2.4.6p1

adobe commerceMatch2.4.6p2

adobe commerceMatch2.4.6p3

adobe commerceMatch2.4.6p5

adobe commerceMatch2.4.7-

adobe commerce_webhooksRange1.2.0–1.5.0

adobe magentoMatch2.4.4-open_source

adobe magentoMatch2.4.4p1open_source

adobe magentoMatch2.4.4p2open_source

adobe magentoMatch2.4.4p3open_source

adobe magentoMatch2.4.4p4open_source

adobe magentoMatch2.4.4p5open_source

adobe magentoMatch2.4.4p6open_source

adobe magentoMatch2.4.4p7open_source

adobe magentoMatch2.4.4p8open_source

adobe magentoMatch2.4.5-open_source

adobe magentoMatch2.4.5p1open_source

adobe magentoMatch2.4.5p2open_source

adobe magentoMatch2.4.5p3open_source

adobe magentoMatch2.4.5p4open_source

adobe magentoMatch2.4.5p5open_source

adobe magentoMatch2.4.5p6open_source

adobe magentoMatch2.4.5p7open_source

adobe magentoMatch2.4.6-open_source

adobe magentoMatch2.4.6p1open_source

adobe magentoMatch2.4.6p2open_source

adobe magentoMatch2.4.6p3open_source

adobe magentoMatch2.4.6p4open_source

adobe magentoMatch2.4.6p5open_source

adobe magentoMatch2.4.7-open_source

adobe magentoMatch2.4.7b1open_source

[
  {
    "defaultStatus": "affected",
    "product": "Adobe Commerce",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2.4.4-p8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
vicarius	www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102
helpx	www.helpx.adobe.com/security/products/magento/apsb24-40.html
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog