Commerce@2.4.0 Security Vulnerabilities and Issues — Commerce@2.4.0 CVE List

Lucene search

AdobeCommerce2.4.0

30 matches found

CVE•added 2024/04/10 12:15 p.m.•148 views

CVE-2024-20758

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexit...

9CVSS9AI score0.00892EPSS

CVE•added 2024/04/10 12:15 p.m.•80 views

CVE-2024-20759

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victi...

8.1CVSS6.8AI score0.0064EPSS

CVE•added 2024/06/13 9:15 a.m.•76 views

CVE-2024-34103

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploit...

8.1CVSS8.2AI score0.00532EPSS

CVE•added 2024/06/13 9:15 a.m.•70 views

CVE-2024-34104

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both con...

8.2CVSS8.1AI score0.00181EPSS

CVE•added 2024/06/13 9:15 a.m.•66 views

CVE-2024-34111

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbi...

8.8CVSS7.6AI score0.00219EPSS

CVE•added 2024/06/13 9:15 a.m.•62 views

CVE-2024-34109

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are...

7.2CVSS7.3AI score0.01888EPSS

CVE•added 2024/06/13 9:15 a.m.•59 views

CVE-2024-34107

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploit...

9.8CVSS7.2AI score0.00195EPSS

CVE•added 2024/06/13 9:15 a.m.•57 views

CVE-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS4.6AI score0.00401EPSS

CVE•added 2024/06/13 9:15 a.m.•57 views

CVE-2024-34110

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the sys...

7.2CVSS7.4AI score0.01922EPSS

CVE•added 2024/06/13 9:15 a.m.•55 views

CVE-2024-34108

9.1CVSS8.6AI score0.01888EPSS

CVE•added 2024/10/10 10:15 a.m.•55 views

CVE-2024-45123

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context...

6.1CVSS5.8AI score0.00347EPSS

CVE•added 2024/10/10 10:15 a.m.•54 views

CVE-2024-45148

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Ex...

8.8CVSS8.8AI score0.00314EPSS

CVE•added 2024/10/10 10:15 a.m.•51 views

CVE-2024-45116

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scri...

8.1CVSS7.2AI score0.05319EPSS

CVE•added 2024/10/10 10:15 a.m.•51 views

CVE-2024-45131

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confid...

5.4CVSS5.3AI score0.00091EPSS

CVE•added 2024/10/10 10:15 a.m.•50 views

CVE-2024-45127

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...

4.8CVSS4.6AI score0.00314EPSS

CVE•added 2024/06/13 9:15 a.m.•49 views

CVE-2024-34106

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another...

5.3CVSS5.3AI score0.00288EPSS

CVE•added 2024/10/10 10:15 a.m.•49 views

CVE-2024-45128

5.4CVSS5.3AI score0.00132EPSS

CVE•added 2024/10/10 10:15 a.m.•48 views

CVE-2024-45117

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories ...

7.6CVSS7.4AI score0.006EPSS

CVE•added 2024/10/10 10:15 a.m.•45 views

CVE-2024-45133

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further atta...

2.7CVSS3.3AI score0.00122EPSS

CVE•added 2024/10/10 10:15 a.m.•44 views

CVE-2024-45115

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exp...

9.8CVSS9.7AI score0.00299EPSS

CVE•added 2024/10/10 10:15 a.m.•43 views

CVE-2024-45134

2.7CVSS3.9AI score0.00293EPSS

CVE•added 2024/10/10 10:15 a.m.•42 views

CVE-2024-45125

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this iss...

4.3CVSS4.4AI score0.00084EPSS

CVE•added 2024/10/10 10:15 a.m.•40 views

CVE-2024-45121

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integ...

4.3CVSS4.8AI score0.00106EPSS

CVE•added 2024/10/10 10:15 a.m.•40 views

CVE-2024-45130

4.3CVSS4.8AI score0.00101EPSS

CVE•added 2024/10/10 10:15 a.m.•39 views

CVE-2024-45132

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploita...

6.5CVSS6.7AI score0.00128EPSS

CVE•added 2024/10/10 10:15 a.m.•38 views

CVE-2024-45124

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploita...

5.3CVSS5.1AI score0.00159EPSS

CVE•added 2024/10/10 10:15 a.m.•38 views

CVE-2024-45129

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity....

4.3CVSS4.9AI score0.00101EPSS

CVE•added 2024/10/10 10:15 a.m.•37 views

CVE-2024-45118

6.5CVSS6.3AI score0.00106EPSS

CVE•added 2024/10/10 10:15 a.m.•37 views

CVE-2024-45122

4.3CVSS4.4AI score0.00101EPSS

CVE•added 2024/10/10 10:15 a.m.•33 views

CVE-2024-45135

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Ex...

2.7CVSS4AI score0.00163EPSS