21 matches found
CVE-2024-20758
Adobe Commerce (Magento) vulnerable versions: 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier suffer an Improper Input Validation flaw that can lead to arbitrary code execution on the underlying filesystem. Exploitation does not require user interaction, but the attack complexity is high. A...
CVE-2024-45116
CVE-2024-45116 is an XSS flaw in Adobe Commerce (Magento Open Source) affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker can lure an admin or user to click a crafted link or submit a form, causing arbitrary script execution in the victim’s browser with high impact...
CVE-2024-45127
CVE-2024-45127 is cited for Adobe Commerce (Magento) in multiple documents as a stored Cross-Site Scripting (XSS) vulnerability. Affected versions include 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability allows an admin attacker to inject malicious scripts into vulnerable fo...
CVE-2024-45117
CVE-2024-45117 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Input Validation that could allow an admin attacker to read files outside of permitted directories via the PHP filter chain, with a low-availability impact on the s...
CVE-2024-45124
CVE-2024-45124 affects Adobe Commerce (2.4.x: 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Access Control vulnerability that could bypass security features and impact integrity at a low level. Exploitation does not require user interaction. The Connected documents corrobo...
CVE-2024-45130
Summary: CVE-2024-45130 affects Adobe Commerce/Magento Open Source and Adobe Commerce B2B products in multiple documents, with an Improper Access Control vulnerability that can enable a security feature bypass. The affected versions include Adobe Commerce 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 a...
CVE-2024-45121
CVE-2024-45121 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. It is an Improper Access Control (CWE-284) vulnerability that could allow a low-privileged attacker to bypass security measures, with a low impact on integrity and no required user intera...
CVE-2024-20759
CVE-2024-20759 affects Adobe Commerce (Magento) Open/Commerce platforms: versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier. The issue is a stored Cross‑Site Scripting (XSS) vulnerability in vulnerable form fields that could be exploited by a high‑privileged attacker to inject malicio...
CVE-2024-45122
Adobe Commerce/Open Source Magento Open Source CVE-2024-45122 describes an Improper Access Control vulnerability that could allow a low-privileged attacker to bypass security measures with low confidentiality impact and without user interaction. Affected versions include Adobe Commerce 2.4.7-p2, ...
CVE-2024-45148
CVE-2024-45148 affects Adobe Commerce/Magento Open Source: versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could bypass security features. A low-privileged attacker could gain unauthorized access without credentials, and e...
CVE-2024-45123
Adobe Commerce (Magento Open Source) CVE-2024-45123 is a reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. An attacker who can entice a user to visit a specially crafted URL can cause malicious JavaScript to execute in the v...
CVE-2024-45131
Adobe Commerce (Magento Open Source) vulnerability CVE-2024-45131 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features with low impact on confidentiality and integrity; e...
CVE-2024-45128
CVE-2024-45128 affects Adobe Commerce and Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Improper Authorization that could allow a low-privileged attacker to bypass security features, with a resulting, albeit low, impact on integrity and ...
CVE-2024-45115
Adobe Commerce CVE-2024-45115 affects multiple 2.4.x releases (2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) with an Improper Authentication vulnerability that can escalate privileges without user interaction. The issue is documented with a high-impact CVSS v3.1 (9.8, AV:N/AC:L/PR:N/UI:N/S...
CVE-2024-45125
Adobe Commerce (Magento Open Source) CVE-2024-45125 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Incorrect Authorization vulnerability that can bypass security features. The issue allows a low-privilege attacker to impact integrity with a low severity (CVSS 3.1:...
CVE-2024-45133
CVE-2024-45133 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Information Exposure vulnerability that could enable a security feature bypass, with a low confidentiality impact and no required user interaction. Exploitation does not require use...
CVE-2024-45118
CVE-2024-45118 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, with an Improper Access Control vulnerability (CWE-284) that could allow a low-privileged attacker to bypass security features and impact integrity. The reports consistently describe a high-impact,...
CVE-2024-45129
CVE-2024-45129 affects Adobe Commerce (and Magento Open Source) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, due to an Improper Access Control vulnerability that could enable privilege escalation. A low-privileged attacker could bypass security controls and achieve integrity impa...
CVE-2024-45132
CVE-2024-45132 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization vulnerability that could enable a privilege escalation . A low-privileged attacker could bypass security measures and gain access with higher privileges, with...
CVE-2024-45134
CVE-2024-45134 (Adobe Commerce) affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability is an Information Exposure that could result in a security feature bypass, with a low confidentiality impact. Exploitation does not require user interaction and, ...
CVE-2024-45135
Summary of CVE-2024-45135 : Adobe Commerce (versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier) is affected by an Improper Access Control vulnerability that could result in a security feature bypass. The underlying issue is an access-control flaw that could be exploited by an admin atta...