{"vulnerability": "cve-2024-3940", "sightings": [{"uuid": "ed87c584-04b4-4035-9849-964df33747a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39404", "type": "seen", "source": "https://t.me/cvedetector/3131", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39404 - Adobe Commerce Improper Authorization Feature Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-39404 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:38.000000Z"}, {"uuid": "bda415ec-633e-431e-bca5-7aeb3e9e3645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39401", "type": "seen", "source": "https://t.me/cvedetector/3130", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39401 - Adobe Commerce OS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-39401 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:37.000000Z"}, {"uuid": "c73e2e1a-8b0c-4db2-86f9-60509cd71bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39407", "type": "seen", "source": "https://t.me/cvedetector/3127", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39407 - Adobe Commerce Improper Authorization to Bypass Security Feature\", \n  \"Content\": \"CVE ID : CVE-2024-39407 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:31.000000Z"}, {"uuid": "9ff86037-2c96-4ba6-bbad-81c8e6a05900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39406", "type": "seen", "source": "https://t.me/cvedetector/3126", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39406 - Adobe Commerce Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39406 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:30.000000Z"}, {"uuid": "de99dd96-d0dd-49f7-baba-195f69991afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39403", "type": "seen", "source": "https://t.me/cvedetector/3129", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39403 - Adobe Commerce Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39403 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information. \nSeverity: 7.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:36.000000Z"}, {"uuid": "e71c264e-ce94-446a-8c1c-e6b27f2b74e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39402", "type": "seen", "source": "https://t.me/cvedetector/3128", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39402 - Adobe Commerce OS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2024-39402 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:35.000000Z"}, {"uuid": "c67a7730-81ab-415f-b16b-d57af89e25e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39408", "type": "seen", "source": "https://t.me/cvedetector/3125", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39408 - Adobe Commerce CSRF-Based Unauthorized Action Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-39408 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:29.000000Z"}, {"uuid": "38015f01-f7ea-441f-9154-afb43ccd6176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39409", "type": "seen", "source": "https://t.me/cvedetector/3124", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39409 - Adobe Commerce CSRF\", \n  \"Content\": \"CVE ID : CVE-2024-39409 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:28.000000Z"}, {"uuid": "d31b9a4a-663b-4efc-a3ef-681c8c2bba70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39405", "type": "seen", "source": "https://t.me/cvedetector/3123", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39405 - Adobe Commerce Insufficient Authorization Security Feature Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-39405 \nPublished : Aug. 14, 2024, 12:15 p.m. | 34\u00a0minutes ago \nDescription : Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-14T14:52:27.000000Z"}]}