CVE-2024-39412

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 14, 2024
Updated: Oct 16, 2024
CWE ID 285

Summary

CVE-2024-39412 is a new vulnerability affecting Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and older. This security issue involves an Improper Authorization flaw that enables a low-privileged attacker to bypass crucial security features without user interaction. The vulnerability grants the attacker permission to execute minor integrity changes, potentially leading to significant security risks. The specifics of the bypass method are not disclosed in the current advisory. Adobe Commerce users are strongly encouraged to promptly update their systems to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share