Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0678
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30655 | ||
| Adobe | Magento | Magento Open Source versions 2.4.5.x antérieures à 2.4.5-p9 | ||
| Adobe | Acrobat | Acrobat DC versions antérieures à 24.002.21005 | ||
| Adobe | Commerce | Commerce versions antérieures à 2.4.4-p10 | ||
| Adobe | Commerce | Commerce versions 2.4.7.x antérieures à 2.4.7-p2 | ||
| Adobe | Commerce | Commerce versions 2.4.6.x antérieures à 2.4.6-p7 | ||
| Adobe | Commerce | Commerce versions 2.4.5.x antérieures à 2.4.5-p9 | ||
| Adobe | Magento | Magento Open Source versions 2.4.6.x antérieures à 2.4.6-p7 | ||
| Adobe | Acrobat | Acrobat 2024 versions antérieures à 24.001.30159 | ||
| Adobe | Magento | Magento Open Source versions 2.4.7.x antérieures à 2.4.7-p2 | ||
| Adobe | Magento | Magento Open Source versions antérieures à 2.4.4-p10 | ||
| Adobe | Acrobat Reader | Acrobat Reader DC versions antérieures à 24.002.21005 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30655 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30655",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.5.x ant\u00e9rieures \u00e0 2.4.5-p9",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 24.002.21005",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions ant\u00e9rieures \u00e0 2.4.4-p10",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.7.x ant\u00e9rieures \u00e0 2.4.7-p2",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.6.x ant\u00e9rieures \u00e0 2.4.6-p7",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Commerce versions 2.4.5.x ant\u00e9rieures \u00e0 2.4.5-p9",
"product": {
"name": "Commerce",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.6.x ant\u00e9rieures \u00e0 2.4.6-p7",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30159",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions 2.4.7.x ant\u00e9rieures \u00e0 2.4.7-p2",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Magento Open Source versions ant\u00e9rieures \u00e0 2.4.4-p10",
"product": {
"name": "Magento",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 24.002.21005",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30655",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-41831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41831"
},
{
"name": "CVE-2024-41832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41832"
},
{
"name": "CVE-2024-39411",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39411"
},
{
"name": "CVE-2024-39413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39413"
},
{
"name": "CVE-2024-39398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39398"
},
{
"name": "CVE-2024-39412",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39412"
},
{
"name": "CVE-2024-39425",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39425"
},
{
"name": "CVE-2024-39424",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39424"
},
{
"name": "CVE-2024-39418",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39418"
},
{
"name": "CVE-2024-39403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39403"
},
{
"name": "CVE-2024-39408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39408"
},
{
"name": "CVE-2024-41835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41835"
},
{
"name": "CVE-2024-39401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39401"
},
{
"name": "CVE-2024-39415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39415"
},
{
"name": "CVE-2024-39426",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39426"
},
{
"name": "CVE-2024-39416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39416"
},
{
"name": "CVE-2024-39402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39402"
},
{
"name": "CVE-2024-39383",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39383"
},
{
"name": "CVE-2024-41833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41833"
},
{
"name": "CVE-2024-39404",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39404"
},
{
"name": "CVE-2024-39406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39406"
},
{
"name": "CVE-2024-39423",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39423"
},
{
"name": "CVE-2024-39419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39419"
},
{
"name": "CVE-2024-41830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41830"
},
{
"name": "CVE-2024-39400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39400"
},
{
"name": "CVE-2024-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39410"
},
{
"name": "CVE-2024-39422",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39422"
},
{
"name": "CVE-2024-39414",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39414"
},
{
"name": "CVE-2024-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39417"
},
{
"name": "CVE-2024-39405",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39405"
},
{
"name": "CVE-2024-39409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39409"
},
{
"name": "CVE-2024-41834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41834"
},
{
"name": "CVE-2024-39407",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39407"
},
{
"name": "CVE-2024-39397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39397"
},
{
"name": "CVE-2024-39399",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39399"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0678",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-61",
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-57",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html"
}
]
}
CVE-2024-39383 (GCVE-0-2024-39383)
Vulnerability from cvelistv5 – Published: 2024-08-14 15:07 – Updated: 2024-08-15 03:55
VLAI
EPSS
Title
PoC sample of unknown vulnerability detected by EXPMON system
Summary
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/acrobat… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.001.30123
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "affected",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20991",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "affected",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20964",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.001.30123",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "affected",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.001.30123",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "20.005.30636",
"status": "affected",
"version": "20.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "affected",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.001.30123",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "20.005.30635",
"status": "affected",
"version": "20.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "affected",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30636",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "affected",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30635",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:macos:*:*"
],
"defaultStatus": "affected",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20964",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:windows:*:*"
],
"defaultStatus": "affected",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20991",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T03:55:52.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.001.30123",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T15:07:24.407Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PoC sample of unknown vulnerability detected by EXPMON system"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39383",
"datePublished": "2024-08-14T15:07:24.407Z",
"dateReserved": "2024-06-24T20:32:06.587Z",
"dateUpdated": "2024-08-15T03:55:52.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39397 (GCVE-0-2024-39397)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-09-16 12:49
VLAI
EPSS
Title
Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed.
Severity
9 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type (CWE-434)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:10:46.525735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:14:11.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "HIGH",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 9,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type (CWE-434)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T12:49:11.103Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39397",
"datePublished": "2024-08-14T11:57:14.067Z",
"dateReserved": "2024-06-24T20:32:06.590Z",
"dateUpdated": "2024-09-16T12:49:11.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39398 (GCVE-0-2024-39398)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-08-14 14:13
VLAI
EPSS
Title
OTP 2FA can be bruteforced
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.
Severity
7.4 (High)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts (CWE-307)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:10:17.592608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:13:54.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.4,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "HIGH",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.4,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Improper Restriction of Excessive Authentication Attempts (CWE-307)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T11:57:15.614Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OTP 2FA can be bruteforced"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39398",
"datePublished": "2024-08-14T11:57:15.614Z",
"dateReserved": "2024-06-24T20:32:06.590Z",
"dateUpdated": "2024-08-14T14:13:54.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39399 (GCVE-0-2024-39399)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-08-14 14:13
VLAI
EPSS
Title
[Paris] Path Traversal lead to local file read
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed.
Severity
7.7 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:09:03.657152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:13:07.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.7,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "LOW",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T11:57:19.382Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[Paris] Path Traversal lead to local file read"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39399",
"datePublished": "2024-08-14T11:57:19.382Z",
"dateReserved": "2024-06-24T20:32:06.590Z",
"dateUpdated": "2024-08-14T14:13:07.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39400 (GCVE-0-2024-39400)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-08-14 14:15
VLAI
EPSS
Title
DOM XSS through integrations can impact other admins
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.
Severity
8.1 (High)
CWE
- CWE-79 - Cross-site Scripting (DOM-based XSS) (CWE-79)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:12:38.248509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:15:17.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user\u0027s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "HIGH",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (DOM-based XSS) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T11:57:07.948Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DOM XSS through integrations can impact other admins"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39400",
"datePublished": "2024-08-14T11:57:07.948Z",
"dateReserved": "2024-06-24T20:32:06.590Z",
"dateUpdated": "2024-08-14T14:15:17.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39401 (GCVE-0-2024-39401)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-09-17 11:05
VLAI
EPSS
Title
Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
Severity
8.4 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:10:32.512995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:14:01.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 8.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "HIGH",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 8.4,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T11:05:32.867Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39401",
"datePublished": "2024-08-14T11:57:14.867Z",
"dateReserved": "2024-06-24T20:32:06.590Z",
"dateUpdated": "2024-09-17T11:05:32.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39402 (GCVE-0-2024-39402)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-09-17 11:05
VLAI
EPSS
Title
Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
Severity
8.4 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:12:09.555224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:14:57.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 8.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "HIGH",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 8.4,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T11:05:39.188Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) (CWE-78)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39402",
"datePublished": "2024-08-14T11:57:09.458Z",
"dateReserved": "2024-06-24T20:32:06.590Z",
"dateUpdated": "2024-09-17T11:05:39.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39403 (GCVE-0-2024-39403)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-08-14 14:12
VLAI
EPSS
Title
Stored XSS through Webhook module public key configuration
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.
Severity
7.6 (High)
CWE
- CWE-79 - Cross-site Scripting (Stored XSS) (CWE-79)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:08:14.521051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:12:45.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.6,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "LOW",
"modifiedPrivilegesRequired": "LOW",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 7.6,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (Stored XSS) (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T11:57:21.660Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored XSS through Webhook module public key configuration"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39403",
"datePublished": "2024-08-14T11:57:21.660Z",
"dateReserved": "2024-06-24T20:32:06.591Z",
"dateUpdated": "2024-08-14T14:12:45.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39404 (GCVE-0-2024-39404)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-08-14 14:15
VLAI
EPSS
Title
A user without Shop Policy Parameters section privilege can alter the shop policy parameters section
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
Severity
4.3 (Medium)
CWE
- CWE-285 - Improper Authorization (CWE-285)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:12:52.238305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:15:23.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "LOW",
"modifiedPrivilegesRequired": "LOW",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T11:57:07.181Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A user without Shop Policy Parameters section privilege can alter the shop policy parameters section"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39404",
"datePublished": "2024-08-14T11:57:07.181Z",
"dateReserved": "2024-06-24T20:32:06.591Z",
"dateUpdated": "2024-08-14T14:15:23.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39405 (GCVE-0-2024-39405)
Vulnerability from cvelistv5 – Published: 2024-08-14 11:57 – Updated: 2024-09-17 11:06
VLAI
EPSS
Title
Adobe Commerce | Improper Authorization (CWE-285)
Summary
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
Severity
4.3 (Medium)
CWE
- CWE-285 - Improper Authorization (CWE-285)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Adobe Commerce |
Affected:
0 , ≤ 2.4.4-p9
(semver)
|
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "2.4.7-p1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.6-p6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T14:13:21.609644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T14:15:39.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Adobe Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.4-p9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "LOW",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "LOW",
"modifiedPrivilegesRequired": "LOW",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T11:06:05.847Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb24-61.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Commerce | Improper Authorization (CWE-285)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39405",
"datePublished": "2024-08-14T11:57:05.644Z",
"dateReserved": "2024-06-24T20:32:06.592Z",
"dateUpdated": "2024-09-17T11:06:05.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…