Lucene search

AdobeVULNRICHMENT:CVE-2024-34106

HistoryJun 13, 2024 - 9:05 a.m.

CVE-2024-34106 Insecure Direct Object Reference - An attacker can able to erase the victim quote details

2024-06-1309:05:02

CWE-863

adobe

github.com

adobe commerce

insecure direct object reference

cve-2024-34106

incorrect authorization

security bypass

unauthorized access

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "Adobe Commerce",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "2.4.4-p8"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

helpx.adobe.com/security/products/magento/apsb24-40.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for VULNRICHMENT:CVE-2024-34106