Lucene search

AdobeCVELIST:CVE-2024-20716

HistoryFeb 15, 2024 - 1:39 p.m.

CVE-2024-20716 Force high-usage of resources by generating unlimited coupons: Adobe Commerce

2024-02-1513:39:40

CWE-400

adobe

www.cve.org

adobe commerce

uncontrolled resource consumption

denial-of-service

cve-2024-20716

high-privileged attacker

system exhaustion

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Adobe Commerce",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "2.4.4-p6",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

helpx.adobe.com/security/products/magento/apsb24-03.html

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for CVELIST:CVE-2024-20716