5.3

CVE-2024-34106

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeCommerce Version2.3.7 Update-
AdobeCommerce Version2.3.7 Updatep1
AdobeCommerce Version2.3.7 Updatep2
AdobeCommerce Version2.3.7 Updatep3
AdobeCommerce Version2.3.7 Updatep4
AdobeCommerce Version2.3.7 Updatep4-ext1
AdobeCommerce Version2.3.7 Updatep4-ext2
AdobeCommerce Version2.3.7 Updatep4-ext3
AdobeCommerce Version2.3.7 Updatep4-ext4
AdobeCommerce Version2.4.0 Update-
AdobeCommerce Version2.4.0 Updateext-1
AdobeCommerce Version2.4.0 Updateext-2
AdobeCommerce Version2.4.0 Updateext-3
AdobeCommerce Version2.4.0 Updateext-4
AdobeCommerce Version2.4.1 Update-
AdobeCommerce Version2.4.1 Updateext-1
AdobeCommerce Version2.4.1 Updateext-2
AdobeCommerce Version2.4.1 Updateext-3
AdobeCommerce Version2.4.1 Updateext-4
AdobeCommerce Version2.4.2 Update-
AdobeCommerce Version2.4.2 Updateext-1
AdobeCommerce Version2.4.2 Updateext-2
AdobeCommerce Version2.4.2 Updateext-3
AdobeCommerce Version2.4.2 Updateext-4
AdobeCommerce Version2.4.3 Update-
AdobeCommerce Version2.4.3 Updateext-1
AdobeCommerce Version2.4.3 Updateext-2
AdobeCommerce Version2.4.3 Updateext-3
AdobeCommerce Version2.4.3 Updateext-4
AdobeCommerce Version2.4.4 Update-
AdobeCommerce Version2.4.4 Updatep1
AdobeCommerce Version2.4.4 Updatep2
AdobeCommerce Version2.4.4 Updatep3
AdobeCommerce Version2.4.4 Updatep4
AdobeCommerce Version2.4.4 Updatep5
AdobeCommerce Version2.4.4 Updatep6
AdobeCommerce Version2.4.5 Update-
AdobeCommerce Version2.4.5 Updatep1
AdobeCommerce Version2.4.5 Updatep2
AdobeCommerce Version2.4.5 Updatep3
AdobeCommerce Version2.4.5 Updatep4
AdobeCommerce Version2.4.5 Updatep5
AdobeCommerce Version2.4.6 Update-
AdobeCommerce Version2.4.6 Updatep1
AdobeCommerce Version2.4.6 Updatep2
AdobeCommerce Version2.4.6 Updatep3
AdobeCommerce Webhooks Version >= 1.2.0 <= 1.4.0
AdobeMagento Version2.4.4 Update- SwEditionopen_source
AdobeMagento Version2.4.4 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep8 SwEditionopen_source
AdobeMagento Version2.4.5 Update- SwEditionopen_source
AdobeMagento Version2.4.5 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.6 Update- SwEditionopen_source
AdobeMagento Version2.4.6 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.7 Updateb1 SwEditionopen_source
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.503
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@adobe.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.