CVE-2024-22407

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 16, 2024
Updated: Jan 24, 2024
CWE ID 284

Summary

CVE-2024-22407 is a vulnerability affecting the Shopware open-source headless commerce platform. In the Shopware CMS, the state handler for orders inadequately verifies user authorizations, enabling unauthorized users without 'write' permissions to modify payment, delivery, and order statuses. This issue has been addressed in Shopware 6.5.7.4. Older versions of 6.1, 6.2, 6.3, and 6.4 can apply security measures via available plugins. It is recommended to update to the latest Shopware version for full functionality and enhanced security.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share