Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/magento/apsb24-61.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
14 Aug 2024, 14:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:* |
|
First Time |
Adobe commerce
Adobe magento Adobe |
|
References | () https://helpx.adobe.com/security/products/magento/apsb24-61.html - Vendor Advisory |
14 Aug 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-14 12:15
Updated : 2024-08-14 14:45
NVD link : CVE-2024-39402
Mitre link : CVE-2024-39402
CVE.ORG link : CVE-2024-39402
JSON object : View
Products Affected
adobe
- magento
- commerce
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')