Improper Authorization

CVE-2024-39416

Medium

4.3/10

Summary

Adobe Commerce versions 2.4.4 through 2.4.4-p9, 2.4.5 through 2.4.5-p8, 2.4.6 through 2.4.6-p6, 2.4.7 through 2.4.7-p1 are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-285 - Improper Authorization

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References

Advisory
Advisory

Advisory Timeline

Published Aug 14, 2024

Improper Authorization

CVE-2024-39416

Summary

CWE-285 - Improper Authorization

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS