Lucene search
K

97 matches found

Vulnrichment
Vulnrichment
added 2024/10/10 9:57 a.m.21 views

CVE-2024-45135 Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity...

2.7CVSS6.8AI score0.00563EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/10 9:57 a.m.24 views

CVE-2024-45135 Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity...

2.7CVSS0.00563EPSS
Exploits0References1
CVE
CVE
added 2024/10/10 9:57 a.m.47 views

CVE-2024-45135

Summary of CVE-2024-45135 : Adobe Commerce (versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) is affected by an Improper Access Control vulnerability that could result in a security feature bypass. The underlying issue is an access-control flaw that could be exploited by an admin atta...

2.7CVSS4AI score0.00563EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2024/10/10 9:57 a.m.10 views

CVE-2024-45135 Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity...

2.7CVSS6.6AI score0.00563EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/10 9:57 a.m.15 views

CVE-2024-45134 Adobe Commerce | Information Exposure (CWE-200)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further...

2.7CVSS6.7AI score0.00612EPSS
Exploits0References1
CVE
CVE
added 2024/10/10 9:57 a.m.57 views

CVE-2024-45134

CVE-2024-45134 (Adobe Commerce) affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Information Exposure that could result in a security feature bypass, with a low confidentiality impact. Exploitation does not require user interaction and, ...

2.7CVSS3.9AI score0.00612EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2024/10/10 9:57 a.m.10 views

CVE-2024-45134 Adobe Commerce | Information Exposure (CWE-200)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further...

2.7CVSS6.5AI score0.00612EPSS
Exploits0References3
NVD
NVD
added 2024/08/14 12:15 p.m.26 views

CVE-2024-39401

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS0.01529EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/14 11:57 a.m.21 views

CVE-2024-39401 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS8.7AI score0.01529EPSS
Exploits0References1
CVE
CVE
added 2024/08/14 11:57 a.m.73 views

CVE-2024-39401

CVE-2024-39401 affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. Root cause is Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) that could lead to arbitrary code execution by an admin attacker; exploitation requires user in...

8.4CVSS8.7AI score0.01529EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/14 11:57 a.m.22 views

CVE-2024-39401 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS0.01529EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/14 11:57 a.m.15 views

CVE-2024-39402 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS8.7AI score0.01529EPSS
Exploits0References1
CVE
CVE
added 2024/08/14 11:57 a.m.71 views

CVE-2024-39402

CVE-2024-39402 affects Adobe Commerce (and Magento Open Source) versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. It is an OS Command Injection caused by improper neutralization of special elements, potentially leading to arbitrary code execution. Exploitation requires admin user inter...

8.4CVSS8.7AI score0.01529EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/08/14 11:57 a.m.14 views

CVE-2024-39402 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4CVSS7.6AI score0.01529EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/14 12:0 a.m.4 views

PT-2024-28485 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1 through 2.4.4-p9 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability that could allow an admin attacker to inject and execute arbitrary JavaScript code within the context o...

8.1CVSS6AI score0.00639EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.4 views

SAP Transportation Management Code Issue Vulnerability

SAP Transportation Management is an integrated transportation fleet and logistics management application from SAP, Germany, that helps organizations reduce complexity, increase efficiency and agility to build a more sustainable and risk-resilient supply chain. A code issue vulnerability exists in...

5CVSS6.8AI score0.00353EPSS
Exploits0References4
OSV
OSV
added 2024/06/17 7:25 a.m.26 views

BIT-MAGENTO-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS4.8AI score0.0067EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/06/13 9:31 a.m.15 views

Magento Open Source Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS5.2AI score0.0067EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/06/13 9:31 a.m.12 views

GHSA-5632-WQ7M-GFQ9 Magento Open Source Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS4.8AI score0.0067EPSS
Exploits0References7
NVD
NVD
added 2024/06/13 9:15 a.m.41 views

CVE-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS0.0067EPSS
Exploits0References1
Rows per page
Query Builder