Home > Vulnerability Database > CVE-2024-34111

Mend.io Vulnerability Database

CVE-2024-34111

Date: June 13, 2024

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..

Severity Score

6.5

Related Resources (8)

Url: https://github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2

Url: https://github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83c

Url: https://github.com/magento/magento2

Url: https://github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482

Url: https://helpx.adobe.com/security/products/magento/apsb24-40.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34111

Url: https://github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799

Url: https://www.mend.io/vulnerability-database/CVE-2024-34111

Severity Score

6.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34111

Date: June 13, 2024

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?