Commerce B2b@1.5.0 Security Vulnerabilities and Issues — Commerce B2b@1.5.0 CVE List

Lucene search

AdobeCommerce B2b1.5.0

33 matches found

CVE•added 2025/02/11 6:15 p.m.•231 views

CVE-2025-24434

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Explo...

9.1CVSS9.2AI score0.00227EPSS

CVE•added 2025/02/11 6:15 p.m.•79 views

CVE-2025-24406

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vuln...

7.5CVSS6.1AI score0.00275EPSS

CVE•added 2025/02/11 6:15 p.m.•73 views

CVE-2025-24411

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unautho...

8.1CVSS8.4AI score0.00095EPSS

CVE•added 2025/02/11 6:15 p.m.•71 views

CVE-2025-24417

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

8.7CVSS7.5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•70 views

CVE-2025-24414

8.7CVSS7.5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•68 views

CVE-2025-24409

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, ...

8.2CVSS8.8AI score0.00123EPSS

CVE•added 2025/02/11 6:15 p.m.•66 views

CVE-2025-24408

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue do...

6.5CVSS6.8AI score0.00101EPSS

CVE•added 2025/02/11 6:15 p.m.•66 views

CVE-2025-24412

8.7CVSS7.5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•66 views

CVE-2025-24430

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has...

3.7CVSS4.5AI score0.00085EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24421

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this iss...

4.3CVSS5AI score0.00047EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24424

6.5CVSS7AI score0.0009EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24426

6.5CVSS7.1AI score0.0009EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24429

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security...

3.5CVSS4.9AI score0.00051EPSS

CVE•added 2025/02/11 6:15 p.m.•65 views

CVE-2025-24436

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of t...

4.3CVSS6.2AI score0.00047EPSS

CVE•added 2025/02/11 6:15 p.m.•64 views

CVE-2025-24407

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that were...

7.1CVSS7.4AI score0.00077EPSS

CVE•added 2025/02/11 6:15 p.m.•64 views

CVE-2025-24415

8.7CVSS7.5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•64 views

CVE-2025-24427

6.5CVSS7.1AI score0.0006EPSS

CVE•added 2025/04/08 9:15 p.m.•64 views

CVE-2025-27188

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploi...

4.3CVSS7.2AI score0.00076EPSS

CVE•added 2025/02/11 6:15 p.m.•63 views

CVE-2025-24432

3.7CVSS4.5AI score0.00085EPSS

CVE•added 2025/02/11 6:15 p.m.•61 views

CVE-2025-24422

6.5CVSS7.1AI score0.0009EPSS

CVE•added 2025/02/11 6:15 p.m.•60 views

CVE-2025-24419

4.3CVSS5.2AI score0.00067EPSS

CVE•added 2025/02/11 6:15 p.m.•60 views

CVE-2025-24437

5.4CVSS6.8AI score0.00047EPSS

CVE•added 2025/02/11 6:15 p.m.•60 views

CVE-2025-24438

8.7CVSS7.5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•59 views

CVE-2025-24410

8.7CVSS7.5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•59 views

CVE-2025-24420

4.3CVSS5.2AI score0.00067EPSS

CVE•added 2025/02/11 6:15 p.m.•59 views

CVE-2025-24423

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to modify select data. Exploitation of this issue...

4.3CVSS5.9AI score0.00066EPSS

CVE•added 2025/02/11 6:15 p.m.•58 views

CVE-2025-24416

8.7CVSS7.5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•58 views

CVE-2025-24428

5.4CVSS5.3AI score0.00035EPSS

CVE•added 2025/02/11 6:15 p.m.•57 views

CVE-2025-24425

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the ...

5.3CVSS5.6AI score0.00225EPSS

CVE•added 2025/02/11 6:15 p.m.•56 views

CVE-2025-24418

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized ...

8.1CVSS8.2AI score0.00107EPSS

CVE•added 2025/02/11 6:15 p.m.•55 views

CVE-2025-24413

8.7CVSS7.5AI score0.0005EPSS

CVE•added 2025/02/11 6:15 p.m.•52 views

CVE-2025-24435

4.3CVSS5.1AI score0.00071EPSS

CVE•added 2025/04/08 9:15 p.m.•45 views

CVE-2025-27189

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to th...

4.3CVSS7.1AI score0.00054EPSS