Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/magento/apsb24-40.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Aug 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.. |
09 Jul 2024, 15:24
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Adobe commerce Webhooks
Adobe Adobe commerce Adobe magento |
|
CPE | cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:* |
|
References | () https://helpx.adobe.com/security/products/magento/apsb24-40.html - Vendor Advisory |
13 Jun 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Jun 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-13 09:15
Updated : 2024-08-07 15:15
NVD link : CVE-2024-34111
Mitre link : CVE-2024-34111
CVE.ORG link : CVE-2024-34111
JSON object : View
Products Affected
adobe
- magento
- commerce_webhooks
- commerce
CWE
CWE-918
Server-Side Request Forgery (SSRF)