CVE-2024-20718

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 15, 2024
Updated: Feb 16, 2024
CWE ID 352

Summary

CVE-2024-20718 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6, and earlier. It could lead to a security feature bypass by allowing an attacker to deceive a victim into performing unintended actions. Exploitation requires user interaction, typically clicking on a malicious link or visiting a compromised website. Organizations can remediate this vulnerability by updating to the latest version of Adobe Commerce and by advising users to exercise caution with unfamiliar links and websites.

The vulnerability is rated MEDIUM severity, with an impact score of 3.6 out of 10 and an exploitability score of 2.8 out of 10, according to NVD@NIST.gov's analysis. The rating is based on the CVSS:3.1 metrics for base severity, privileges required, user interaction, attack vector, attack complexity, and integrity, confidentiality, and availability impact.
