7.6
CVE-2024-45117
- EPSS 0.64%
- Published 10.10.2024 10:15:04
- Last modified 10.10.2024 21:47:11
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Commerce B2b Version1.3.3 Update-
Adobe ≫ Commerce B2b Version1.3.3 Updatep10
Adobe ≫ Commerce B2b Version1.3.4 Update-
Adobe ≫ Commerce B2b Version1.3.4 Updatep9
Adobe ≫ Commerce B2b Version1.3.5 Update-
Adobe ≫ Commerce B2b Version1.3.5 Updatep7
Adobe ≫ Commerce B2b Version1.4.2 Update-
Adobe ≫ Commerce B2b Version1.4.2 Updatep1
Adobe ≫ Commerce B2b Version1.4.2 Updatep2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.695 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@adobe.com | 7.6 | 2.3 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.