CVE-2024-39412
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-39412 is a new vulnerability affecting Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and older. This security issue involves an Improper Authorization flaw that enables a low-privileged attacker to bypass crucial security features without user interaction. The vulnerability grants the attacker permission to execute minor integrity changes, potentially leading to significant security risks. The specifics of the bypass method are not disclosed in the current advisory. Adobe Commerce users are strongly encouraged to promptly update their systems to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Adobe Commerce
Affected Vendors
- Adobe