CVE-2024-39406
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-39406 is a newly disclosed vulnerability affecting Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and older. This issue is classified as a Path Traversal vulnerability, which allows an unauthorized admin user to access files and directories beyond the restricted directory. Exploitation of this flaw occurs without user interaction, making it a serious concern for affected systems. The vulnerability arises due to insufficient limitations on file pathnames, potentially granting attackers unrestricted read access to critical files. Organizations utilizing the affected Adobe Commerce versions are urged to apply patches or updates to mitigate this risk.
Affected Products
- Adobe Commerce
Affected Vendors
- Adobe