9.8
CVE-2024-45115
- EPSS 0.34%
- Published 10.10.2024 10:15:03
- Last modified 10.10.2024 21:51:56
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Commerce B2b Version1.3.3 Update-
Adobe ≫ Commerce B2b Version1.3.3 Updatep10
Adobe ≫ Commerce B2b Version1.3.4 Update-
Adobe ≫ Commerce B2b Version1.3.4 Updatep9
Adobe ≫ Commerce B2b Version1.3.5 Update-
Adobe ≫ Commerce B2b Version1.3.5 Updatep7
Adobe ≫ Commerce B2b Version1.4.2 Update-
Adobe ≫ Commerce B2b Version1.4.2 Updatep1
Adobe ≫ Commerce B2b Version1.4.2 Updatep2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.561 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@adobe.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.