CVE-2024-45148

EUVD-2024-41332
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
adobeCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
adobeadobe_commerce
𝑥
≤ 2.4.4-p10
adobecommerce
-
adobecommerce
2.3.7
adobecommerce
2.3.7:p1
adobecommerce
2.3.7:p2
adobecommerce
2.3.7:p3
adobecommerce
2.3.7:p4
adobecommerce
2.3.7:p4-ext1
adobecommerce
2.3.7:p4-ext2
adobecommerce
2.3.7:p4-ext3
adobecommerce
2.3.7:p4-ext4
adobecommerce
2.4.0
adobecommerce
2.4.0
adobecommerce
2.4.0:ext-1
adobecommerce
2.4.0:ext-2
adobecommerce
2.4.0:ext-3
adobecommerce
2.4.0:ext-4
adobecommerce
2.4.1
adobecommerce
2.4.1
adobecommerce
2.4.1:ext-1
adobecommerce
2.4.1:ext-2
adobecommerce
2.4.1:ext-3
adobecommerce
2.4.1:ext-4
adobecommerce
2.4.2
adobecommerce
2.4.2
adobecommerce
2.4.2:ext-1
adobecommerce
2.4.2:ext-2
adobecommerce
2.4.2:ext-3
adobecommerce
2.4.2:ext-4
adobecommerce
2.4.2:p1
adobecommerce
2.4.2:p2
adobecommerce
2.4.3
adobecommerce
2.4.3
adobecommerce
2.4.3:ext-1
adobecommerce
2.4.3:ext-2
adobecommerce
2.4.3:ext-3
adobecommerce
2.4.3:ext-4
adobecommerce
2.4.3:p1
adobecommerce
2.4.3:p2
adobecommerce
2.4.4
adobecommerce
2.4.4:p1
adobecommerce
2.4.4:p10
adobecommerce
2.4.4:p2
adobecommerce
2.4.4:p3
adobecommerce
2.4.4:p4
adobecommerce
2.4.4:p5
adobecommerce
2.4.4:p6
adobecommerce
2.4.4:p7
adobecommerce
2.4.4:p8
adobecommerce
2.4.4:p9
adobecommerce
2.4.5
adobecommerce
2.4.5:p1
adobecommerce
2.4.5:p2
adobecommerce
2.4.5:p3
adobecommerce
2.4.5:p4
adobecommerce
2.4.5:p5
adobecommerce
2.4.5:p6
adobecommerce
2.4.5:p7
adobecommerce
2.4.5:p8
adobecommerce
2.4.5:p9
adobecommerce
2.4.6
adobecommerce
2.4.6:p1
adobecommerce
2.4.6:p2
adobecommerce
2.4.6:p3
adobecommerce
2.4.6:p4
adobecommerce
2.4.6:p5
adobecommerce
2.4.6:p6
adobecommerce
2.4.6:p7
adobecommerce
2.4.7
adobecommerce
2.4.7:b1
adobecommerce
2.4.7:b2
adobecommerce
2.4.7:p1
adobecommerce
2.4.7:p2
adobecommerce_b2b
1.3.3
adobecommerce_b2b
1.3.3:p10
adobecommerce_b2b
1.3.4
adobecommerce_b2b
1.3.4:p9
adobecommerce_b2b
1.3.5
adobecommerce_b2b
1.3.5:p7
adobecommerce_b2b
1.4.2
adobecommerce_b2b
1.4.2:p1
adobecommerce_b2b
1.4.2:p2
adobemagento
-
adobemagento
2.4.3
adobemagento
2.4.4
adobemagento
2.4.4:p1
adobemagento
2.4.4:p10
adobemagento
2.4.4:p2
adobemagento
2.4.4:p3
adobemagento
2.4.4:p4
adobemagento
2.4.4:p5
adobemagento
2.4.4:p6
adobemagento
2.4.4:p7
adobemagento
2.4.4:p8
adobemagento
2.4.4:p9
adobemagento
2.4.5
adobemagento
2.4.5:p1
adobemagento
2.4.5:p2
adobemagento
2.4.5:p3
adobemagento
2.4.5:p4
adobemagento
2.4.5:p5
adobemagento
2.4.5:p6
adobemagento
2.4.5:p7
adobemagento
2.4.5:p8
adobemagento
2.4.5:p9
adobemagento
2.4.6
adobemagento
2.4.6:p1
adobemagento
2.4.6:p2
adobemagento
2.4.6:p3
adobemagento
2.4.6:p4
adobemagento
2.4.6:p5
adobemagento
2.4.6:p6
adobemagento
2.4.6:p7
adobemagento
2.4.7
adobemagento
2.4.7:b1
adobemagento
2.4.7:p1
adobemagento
2.4.7:p2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://helpx.adobe.com/security/products/magento/apsb24-73.html