CVE-2024-45132 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-45132

CVE-2024-45132

October 10, 2024

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.

Affected Packages

magento/community-edition (PHP):

Affected version(s) >=2.4.4-p2 <2.4.5-p10

Fix Suggestion:

Update to version 2.4.5-p10

magento/community-edition (PHP):

Affected version(s) >=2.4.5-p2 <2.4.6-p8

Fix Suggestion:

Update to version 2.4.6-p8

magento/community-edition (PHP):

Affected version(s) >=dev-2.5-develop <=dev-32368-qraphql-get-cart-type

Fix Suggestion:

Update to version no_fix

magento/community-edition (PHP):

Affected version(s) >=dev-2c18c9e <2.4.4-p11

Fix Suggestion:

Update to version 2.4.4-p11

magento/community-edition (PHP):

Affected version(s) >=2.4.7-beta1 <2.4.7-p3

Fix Suggestion:

Update to version 2.4.7-p3

Related Resources (3)

https://github.com/magento/magento2

https://nvd.nist.gov/vuln/detail/CVE-2024-45132

https://helpx.adobe.com/security/products/magento/apsb24-73.html

Do you need more information?

CVSS v4

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Incorrect Authorization

Improper Authorization

EPSS

Base Score:

0.13