- Bulletin ID: APSB24-40
- Published: June 11, 2024
- Priority: 1
- Severity: Critical
- CVE Count: 10
Affected Versions
- Adobe Commerce: 2.4.7 and earlier; 2.4.6-p5 and earlier; 2.4.5-p7 and earlier; 2.4.4-p8 and earlier; 2.4.3-ext-7 and earlier; 2.4.2-ext-7 and earlier
- Magento Open Source: 2.4.7 and earlier; 2.4.6-p5 and earlier; 2.4.5-p7 and earlier; 2.4.4-p8 and earlier
- Adobe Commerce Webhooks Plugin: 1.2.0 to 1.4.0
Vulnerability Details
Total Vulnerabilities: 10
Severity Breakdown:
Key Vulnerabilities:
1. CVE-2024-34111
- Category: Server-Side Request Forgery (SSRF) (CWE-918)
- Impact: Arbitrary code execution
- Severity: Critical
- CVSS Score: 8.5
- Authentication Required: Yes
2. CVE-2024-34102
- Category: Improper Restriction of XML External Entity Reference (‘XXE’) (CWE-611)
- Impact: Arbitrary code execution
- Severity: Critical
- CVSS Score: 9.8
- Authentication Required: No
3. CVE-2024-34103
- Category: Improper Authentication (CWE-287)
- Impact: Privilege escalation
- Severity: Critical
- CVSS Score: 8.1
- Authentication Required: No
…and 7 more vulnerabilities
CVE Identifiers
CVE-2024-34103, CVE-2024-34108, CVE-2024-34105, CVE-2024-34110, CVE-2024-34107, CVE-2024-34104, CVE-2024-34111, CVE-2024-34106, CVE-2024-34109, CVE-2024-34102