4.3

CVE-2024-39410

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.

Data is provided by the National Vulnerability Database (NVD)
AdobeCommerce Version <= 2.4.3
AdobeCommerce Version2.4.4 Update-
AdobeCommerce Version2.4.4 Updatep1
AdobeCommerce Version2.4.4 Updatep2
AdobeCommerce Version2.4.4 Updatep3
AdobeCommerce Version2.4.4 Updatep4
AdobeCommerce Version2.4.4 Updatep5
AdobeCommerce Version2.4.4 Updatep6
AdobeCommerce Version2.4.4 Updatep7
AdobeCommerce Version2.4.4 Updatep8
AdobeCommerce Version2.4.4 Updatep9
AdobeCommerce Version2.4.5 Update-
AdobeCommerce Version2.4.5 Updatep1
AdobeCommerce Version2.4.5 Updatep2
AdobeCommerce Version2.4.5 Updatep3
AdobeCommerce Version2.4.5 Updatep4
AdobeCommerce Version2.4.5 Updatep5
AdobeCommerce Version2.4.5 Updatep6
AdobeCommerce Version2.4.5 Updatep7
AdobeCommerce Version2.4.5 Updatep8
AdobeCommerce Version2.4.6 Update-
AdobeCommerce Version2.4.6 Updatep1
AdobeCommerce Version2.4.6 Updatep2
AdobeCommerce Version2.4.6 Updatep3
AdobeCommerce Version2.4.6 Updatep4
AdobeCommerce Version2.4.6 Updatep5
AdobeCommerce Version2.4.6 Updatep6
AdobeCommerce Version2.4.7 Update-
AdobeCommerce Version2.4.7 Updateb1
AdobeCommerce Version2.4.7 Updateb2
AdobeCommerce Version2.4.7 Updatep1
AdobeMagento SwEditionopen_source Version <= 2.4.3
AdobeMagento Version2.4.4 Update- SwEditionopen_source
AdobeMagento Version2.4.4 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep8 SwEditionopen_source
AdobeMagento Version2.4.4 Updatep9 SwEditionopen_source
AdobeMagento Version2.4.5 Update- SwEditionopen_source
AdobeMagento Version2.4.5 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep8 SwEditionopen_source
AdobeMagento Version2.4.6 Update- SwEditionopen_source
AdobeMagento Version2.4.6 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.7 Update- SwEditionopen_source
AdobeMagento Version2.4.7 Updateb1 SwEditionopen_source
AdobeMagento Version2.4.7 Updateb2 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep1 SwEditionopen_source
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.28% 0.51
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
psirt@adobe.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.