7.2
CVE-2024-34110
- EPSS 2.81%
- Veröffentlicht 13.06.2024 09:15:13
- Zuletzt bearbeitet 21.11.2024 09:18:07
- Quelle psirt@adobe.com
- Teams Watchlist Login
- Unerledigt Login
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malicious file to the system, which could then be executed. Exploitation of this issue does not require user interaction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Commerce Webhooks Version >= 1.2.0 <= 1.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.81% | 0.856 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.