97 matches found
CVE-2024-45135 Adobe Commerce | Improper Access Control (CWE-284)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity...
CVE-2024-45135 Adobe Commerce | Improper Access Control (CWE-284)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity...
CVE-2024-45135
Summary of CVE-2024-45135 : Adobe Commerce (versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) is affected by an Improper Access Control vulnerability that could result in a security feature bypass. The underlying issue is an access-control flaw that could be exploited by an admin atta...
CVE-2024-45135 Adobe Commerce | Improper Access Control (CWE-284)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity...
CVE-2024-45134 Adobe Commerce | Information Exposure (CWE-200)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further...
CVE-2024-45134
CVE-2024-45134 (Adobe Commerce) affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Information Exposure that could result in a security feature bypass, with a low confidentiality impact. Exploitation does not require user interaction and, ...
CVE-2024-45134 Adobe Commerce | Information Exposure (CWE-200)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further...
CVE-2024-39401
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...
CVE-2024-39401 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...
CVE-2024-39401
CVE-2024-39401 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause is Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) that could lead to arbitrary code execution by an admin attacker; exploitation requires user in...
CVE-2024-39401 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...
CVE-2024-39402 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...
CVE-2024-39402
CVE-2024-39402 affects Adobe Commerce (and Magento Open Source) versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. It is an OS Command Injection caused by improper neutralization of special elements, potentially leading to arbitrary code execution. Exploitation requires admin user inter...
CVE-2024-39402 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...
PT-2024-28485 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability that could allow an admin attacker to inject and execute arbitrary JavaScript code within the context o...
SAP Transportation Management Code Issue Vulnerability
SAP Transportation Management is an integrated transportation fleet and logistics management application from SAP, Germany, that helps organizations reduce complexity, increase efficiency and agility to build a more sustainable and risk-resilient supply chain. A code issue vulnerability exists in...
BIT-MAGENTO-2024-34105
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...
GHSA-5632-WQ7M-GFQ9 Magento Open Source Cross-Site Scripting (XSS) vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...
CVE-2024-34105
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...