CVE-2024-39416

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 14, 2024

CWE ID 285

Summary

CVE-2024-39416 is a newly identified vulnerability affecting Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and older. This issue represents an Improper Authorization vulnerability, allowing a low-privileged attacker to bypass security measures and access minor information without user interaction. The severity of this vulnerability lies in the potential security feature bypass, making it crucial for affected Adobe Commerce users to apply the necessary patches promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Commerce

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wovPop
https://www.cve.org/CVERecord?id=CVE-2024-39416
https://nvd.nist.gov/vuln/detail/CVE-2024-39416

Back to Vulnerability Database