CVE-2024-39405

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 14, 2024

CWE ID 285

Summary

CVE-2024-39405 is a newly disclosed vulnerability that affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier. This issue constitutes an Improper Authorization vulnerability, enabling a low-privileged attacker to bypass security measures without user interaction. The attacker can then modify minor information, potentially leading to significant security risks. This vulnerability must be addressed promptly to prevent unauthorized access and potential data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Commerce

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wovG5X
https://www.cve.org/CVERecord?id=CVE-2024-39405
https://nvd.nist.gov/vuln/detail/CVE-2024-39405

Back to Vulnerability Database