CVE-2024-20718

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 15, 2024
Updated: Feb 16, 2024
CWE ID 352

Summary

CVE-2024-20718 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, and earlier. It could lead to a security feature bypass by allowing an attacker to deceive a victim into performing unintended actions. Exploitation requires user interaction, typically clicking on a malicious link or visiting a compromised website.

Organizations can remediate this vulnerability by updating to the latest version of Adobe Commerce and advising users to exercise caution when interacting with unfamiliar links or websites, given the potential for unauthorized access and bypass of security measures.

The vulnerability is rated MEDIUM severity, with an impact score of 3.6 out of 10 and an exploitability score of 2.8 out of 10, according to [email protected]'s analysis based on CVSS:3.1 metrics for base severity, privileges required, user interaction, attack vector, integrity impact, confidentiality impact, attack complexity, and availability impact.
