- Bulletin ID: APSB24-03
- Published: February 13, 2024
- Priority: 3
- Severity: Critical
- CVE Count: 5
Affected Versions
- Adobe Commerce: 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, 2.4.4-p6 and earlier, 2.4.3-ext-5 and earlier, 2.4.2-ext-5 and earlier
- Magento Open Source: 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, 2.4.4-p6 and earlier
Vulnerability Details
Total Vulnerabilities: 5
Severity Breakdown:
- Moderate: 1
- Important: 2
- Critical: 2
Key Vulnerabilities:
1. CVE-2024-20719
- Category: Cross-site Scripting (Stored XSS) (CWE-79)
- Impact: Arbitrary code execution
- Severity: Critical
- CVSS Score: 9.1
- Authentication Required: Yes
2. CVE-2024-20720
- Category: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78)
- Impact: Arbitrary code execution
- Severity: Critical
- CVSS Score: 9.1
- Authentication Required: Yes
3. CVE-2024-20716
- Category: Uncontrolled Resource Consumption (CWE-400)
- Impact: Application denial-of-service
- Severity: Important
- CVSS Score: 5.7
- Authentication Required: Yes
…and 2 more vulnerabilities
CVE Identifiers
CVE-2024-20720, CVE-2024-20719, CVE-2024-20716, CVE-2024-20718, CVE-2024-20717