Lucene search

GoogleOSV:BIT-MAGENTO-2024-34111

HistoryJun 17, 2024 - 7:24 a.m.

BIT-magento-2024-34111

2024-06-1707:24:05

Google

osv.dev

adobe commerce

ssrf vulnerability

arbitrary code execution

server-side request forgery

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause the server to execute arbitrary code. Exploitation of this issue does not require user interaction.

CPENameOperatorVersion
magentolt2.4.4-p9
magentolt2.4.3-ext-8
magentoge2.4.6-alpha0
magentoge2.4.7-alpha0
magentoge2.4.2-alpha0
magentolt2.3.4-p4-ext-8
magentoge2.4.4-alpha0
magentolt2.4.0-ext-8
magentolt2.4.1-ext-8
magentoge2.4.0-alpha0

Name	Operator	Version
magento	lt	2.4.4-p9
magento	lt	2.4.3-ext-8
magento	ge	2.4.6-alpha0
magento	ge	2.4.7-alpha0
magento	ge	2.4.2-alpha0
magento	lt	2.3.4-p4-ext-8
magento	ge	2.4.4-alpha0
magento	lt	2.4.0-ext-8
magento	lt	2.4.1-ext-8
magento	ge	2.4.0-alpha0

Rows per page:

1-10 of 171

References

helpx.adobe.com/security/products/magento/apsb24-40.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Related for OSV:BIT-MAGENTO-2024-34111