CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-39412

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.1%

CVSS Severity

CVSS v3 Score 4.3

References

https://helpx.adobe.com/security/products/magento/apsb24-61.html

Products affected by CVE-2024-39412

Adobe » Commerce » Version: N/A

cpe:2.3:a:adobe:commerce:-
Adobe » Commerce » Version: 2.3.7

cpe:2.3:a:adobe:commerce:2.3.7
Adobe » Commerce » Version: 2.4.0

cpe:2.3:a:adobe:commerce:2.4.0
Adobe » Commerce » Version: 2.4.1

cpe:2.3:a:adobe:commerce:2.4.1
Adobe » Commerce » Version: 2.4.2

cpe:2.3:a:adobe:commerce:2.4.2
Adobe » Commerce » Version: 2.4.3

cpe:2.3:a:adobe:commerce:2.4.3
Adobe » Commerce » Version: 2.4.4

cpe:2.3:a:adobe:commerce:2.4.4
Adobe » Commerce » Version: 2.4.5

cpe:2.3:a:adobe:commerce:2.4.5
Adobe » Commerce » Version: 2.4.6

cpe:2.3:a:adobe:commerce:2.4.6
Adobe » Commerce » Version: 2.4.7

cpe:2.3:a:adobe:commerce:2.4.7
Adobe » Magento » Version: N/A

cpe:2.3:a:adobe:magento:-
Adobe » Magento » Version: 2.4.3

cpe:2.3:a:adobe:magento:2.4.3
Adobe » Magento » Version: 2.4.4

cpe:2.3:a:adobe:magento:2.4.4
Adobe » Magento » Version: 2.4.5

cpe:2.3:a:adobe:magento:2.4.5
Adobe » Magento » Version: 2.4.6

cpe:2.3:a:adobe:magento:2.4.6
Adobe » Magento » Version: 2.4.7

cpe:2.3:a:adobe:magento:2.4.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-39412

Products

Pricing

Contact Us