Home > Vulnerability Database > CVE-2024-39322

Mend.io Vulnerability Database

CVE-2024-39322

Date: July 2, 2024

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.

Language: PHP

Severity Score

5.5

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-39322

Url: https://github.com/aimeos/ai-admin-jsonadm/commit/4c966e02bd52589c3c9382777cfe170eddf17b00

Url: https://github.com/aimeos/ai-admin-jsonadm/commit/16d013d0e28cecd19781f434d83fabebcc78cdc2

Url: https://github.com/aimeos/ai-admin-jsonadm/commit/640954243ce85c2c303a00dd6481ed39b3d218fb

Url: https://github.com/aimeos/ai-admin-jsonadm/security/advisories/GHSA-8fj2-587w-5whr

Url: https://github.com/aimeos/ai-admin-jsonadm

Url: https://github.com/aimeos/ai-admin-jsonadm/commit/7d1c05e8368b0a6419820fe402deac9960500026

Url: https://github.com/aimeos/ai-admin-jsonadm/commit/02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5

Url: https://www.mend.io/vulnerability-database/CVE-2024-39322

Severity Score

5.5

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-39322

Date: July 2, 2024

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?