CVE-2024-39405

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 14, 2024
CWE ID 285

Summary

CVE-2024-39405 is a newly disclosed vulnerability that affects Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier. This issue constitutes an Improper Authorization vulnerability, enabling a low-privileged attacker to bypass security measures without user interaction. The attacker can then modify minor information, potentially leading to significant security risks. This vulnerability must be addressed promptly to prevent unauthorized access and potential data breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share