CVE-2024-39406

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Aug 14, 2024
Updated: Oct 16, 2024
CWE ID 22

Summary

CVE-2024-39406 is a newly disclosed vulnerability affecting Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and older. It is classified as a Path Traversal vulnerability (improper limitation of a pathname to a restricted directory), which allows an unauthorized admin user to access files and directories outside the restricted directory. Exploitation does not require user interaction, making it a serious concern for affected systems. The vulnerability arises from insufficient limitations on file pathnames, potentially granting attackers unrestricted read access to critical files. Organizations running the affected Adobe Commerce versions are urged to apply patches or updates to mitigate this risk.
