8.1
CVE-2024-34103
- EPSS 0.65%
- Veröffentlicht 13.06.2024 09:15:10
- Zuletzt bearbeitet 21.11.2024 09:18:06
- Quelle psirt@adobe.com
- Teams Watchlist Login
- Unerledigt Login
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Commerce Webhooks Version >= 1.2.0 <= 1.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.698 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.