9

CVE-2024-20758

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.

Data is provided by the National Vulnerability Database (NVD)
AdobeCommerce Version-
AdobeCommerce Version2.3.7 Update-
AdobeCommerce Version2.3.7 Updatep1
AdobeCommerce Version2.3.7 Updatep2
AdobeCommerce Version2.3.7 Updatep3
AdobeCommerce Version2.3.7 Updatep4
AdobeCommerce Version2.3.7 Updatep4-ext1
AdobeCommerce Version2.3.7 Updatep4-ext2
AdobeCommerce Version2.3.7 Updatep4-ext3
AdobeCommerce Version2.3.7 Updatep4-ext4
AdobeCommerce Version2.4.0 Update-
AdobeCommerce Version2.4.0 Updateext-1
AdobeCommerce Version2.4.0 Updateext-2
AdobeCommerce Version2.4.0 Updateext-3
AdobeCommerce Version2.4.0 Updateext-4
AdobeCommerce Version2.4.1 Update-
AdobeCommerce Version2.4.1 Updateext-1
AdobeCommerce Version2.4.1 Updateext-2
AdobeCommerce Version2.4.1 Updateext-3
AdobeCommerce Version2.4.1 Updateext-4
AdobeCommerce Version2.4.2 Update-
AdobeCommerce Version2.4.2 Updateext-1
AdobeCommerce Version2.4.2 Updateext-2
AdobeCommerce Version2.4.2 Updateext-3
AdobeCommerce Version2.4.2 Updateext-4
AdobeCommerce Version2.4.2 Updateext-6
AdobeCommerce Version2.4.2 Updatep1
AdobeCommerce Version2.4.2 Updatep2
AdobeCommerce Version2.4.3 Update-
AdobeCommerce Version2.4.3 Updateext-1
AdobeCommerce Version2.4.3 Updateext-2
AdobeCommerce Version2.4.3 Updateext-3
AdobeCommerce Version2.4.3 Updateext-4
AdobeCommerce Version2.4.3 Updateext-6
AdobeCommerce Version2.4.3 Updatep1
AdobeCommerce Version2.4.3 Updatep2
AdobeCommerce Version2.4.4 Update-
AdobeCommerce Version2.4.4 Updatep1
AdobeCommerce Version2.4.4 Updatep2
AdobeCommerce Version2.4.4 Updatep3
AdobeCommerce Version2.4.4 Updatep4
AdobeCommerce Version2.4.4 Updatep5
AdobeCommerce Version2.4.4 Updatep6
AdobeCommerce Version2.4.4 Updatep7
AdobeCommerce Version2.4.5 Update-
AdobeCommerce Version2.4.5 Updatep1
AdobeCommerce Version2.4.5 Updatep2
AdobeCommerce Version2.4.5 Updatep3
AdobeCommerce Version2.4.5 Updatep4
AdobeCommerce Version2.4.5 Updatep5
AdobeCommerce Version2.4.5 Updatep6
AdobeCommerce Version2.4.6 Update-
AdobeCommerce Version2.4.6 Updatep1
AdobeCommerce Version2.4.6 Updatep2
AdobeCommerce Version2.4.6 Updatep3
AdobeCommerce Version2.4.6 Updatep4
AdobeCommerce Version2.4.7 Update-
AdobeCommerce Version2.4.7 Updateb1
AdobeCommerce Version2.4.7 Updateb2
AdobeCommerce Version2.4.7 Updatebeta3
AdobeMagento Version2.4.4 Update- SwEditionopen_source
AdobeMagento Version2.4.4 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.5 Update- SwEditionopen_source
AdobeMagento Version2.4.5 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.6 Update- SwEditionopen_source
AdobeMagento Version2.4.6 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.7 Update- SwEditionopen_source
AdobeMagento Version2.4.7 Updateb1 SwEditionopen_source
AdobeMagento Version2.4.7 Updateb2 SwEditionopen_source
AdobeMagento Version2.4.7 Updatebeta3 SwEditionopen_source
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.21% 0.782
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
psirt@adobe.com 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.