CVE-2024-39399
CVSS 3.1 Score 7.7 of 10 (high)
Details
Summary
CVE-2024-39399 is a newly disclosed vulnerability affecting Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier. This issue is classified as a Path Traversal vulnerability, which allows a low-privileged attacker to access arbitrarily chosen files and directories outside of the restricted directory without user interaction. The consequence of this vulnerability is a potential data exposure, giving an attacker unauthorized access to sensitive information. Exploitation of this vulnerability does not require user interaction, and the attacker's scope is extended beyond the intended access level.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Adobe Commerce
Affected Vendors
- Adobe