CVE-2024-39399

CVSS 3.1 Score 7.7 of 10 (high)

Details

Published Aug 14, 2024
CWE ID 22

Summary

CVE-2024-39399 is a newly disclosed vulnerability affecting Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier. This issue is classified as a Path Traversal vulnerability, which allows a low-privileged attacker to access arbitrarily chosen files and directories outside of the restricted directory without user interaction. The consequence of this vulnerability is a potential data exposure, giving an attacker unauthorized access to sensitive information. Exploitation of this vulnerability does not require user interaction, and the attacker's scope is extended beyond the intended access level.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share