CVE-2024-34111

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted request to the server, which could then cause the server to execute arbitrary code. Exploitation of this issue does not require user interaction.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/magento/apsb24-40.html

Configurations

No configuration.

History

13 Jun 2024, 18:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-13 09:15

Updated : 2024-06-13 18:35

NVD link : CVE-2024-34111

Mitre link : CVE-2024-34111

CVE.ORG link : CVE-2024-34111

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

6.5 /10