10 matches found
CVE-2024-34102
CVE-2024-34102 is an XXE vulnerability in Adobe Commerce/Magento Open Source that allows remote code execution. The issue affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, via improper restriction of XML external entity references. Exploitation can occur without use...
CVE-2024-34104
Adobe Commerce (Magento Open Source) versions affected by CVE-2024-34104 include 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The issue is described as Improper Authorization that could bypass security features, allowing unauthorized access with confidentiality and integrity impact. Exploitat...
CVE-2024-34111
CVE-2024-34111 is a Server-Side Request Forgery (SSRF) affecting Adobe Commerce/Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The issue allows a low-privilege, authenticated attacker to cause arbitrary file system reads by injecting ...
CVE-2024-34109
CVE-2024-34109 affects Adobe Commerce/Magento Open Source; affected versions are 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. It is an Improper Input Validation vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation does not require user inte...
CVE-2024-34110
CVE-2024-34110 affects Adobe Commerce and Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. It is an Unrestricted Upload of File with Dangerous Type vulnerability that could enable arbitrary code execution. A high-privilege attacker can upload a malicious file and hav...
CVE-2024-34105
CVE-2024-34105 concerns Adobe Commerce/Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The issue is a stored Cross-Site Scripting (XSS) in order form fields that an admin attacker can abuse to inject malicious scripts, which may execute in a victim’s browser when loa...
CVE-2024-34103
CVE-2024-34103 affects Adobe Commerce/Magento Open Source: versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier; described as Improper Authentication leading to privilege escalation. Exploitation requires no user interaction but has high attack complexity. Connected sources reference an accou...
CVE-2024-34107
Adobe Commerce/Open Source Magento is affected by CVE-2024-34107 (Improper Access Control). Affected versions include 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The vulnerability allows bypassing security controls to view minor unauthorized information, with exploitation not requiring user ...
CVE-2024-34106
Adobe Commerce/Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that can bypass security features and allow an attacker to gain unauthorized access or perform actions with another user’s privileges. Exploitation ...
CVE-2024-34108
Adobe Commerce/Magento Open Source