- Bulletin ID: APSB24-61
- Product: APSB24-61: Security update available for Adobe Commerce
- Published: August 13, 2024
- Priority: 3
- Severity: Critical
- CVE Count: 23
Affected Versions
- Adobe Commerce: 2.4.7-p1 and earlier, 2.4.6-p6 and earlier, 2.4.5-p8 and earlier, 2.4.4-p9 and earlier
- Magento Open Source: 2.4.7-p1 and earlier, 2.4.6-p6 and earlier, 2.4.5-p8 and earlier, 2.4.4-p9 and earlier
Vulnerability Details
Total Vulnerabilities: 23
Severity Breakdown:
- Moderate: 15
- Important: 1
- Critical: 7
Key Vulnerabilities:
1. CVE-2024-39397
- Category: Unrestricted Upload of File with Dangerous Type (CWE-434)
- Impact: Arbitrary code execution
- Severity: Critical
- CVSS Score: 9.0
- Authentication Required: No
2. CVE-2024-39398
- Category: Improper Restriction of Excessive Authentication Attempts (CWE-307)
- Impact: Security feature bypass
- Severity: Critical
- CVSS Score: 7.4
- Authentication Required: Yes
3. CVE-2024-39399
- Category: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)
- Impact: Arbitrary file system read
- Severity: Critical
- CVSS Score: 7.7
- Authentication Required: Yes
…and 20 more vulnerabilities
CVE Identifiers
CVE-2024-39410, CVE-2024-39408, CVE-2024-39416, CVE-2024-39398, CVE-2024-39406, CVE-2024-39403, CVE-2024-39411, CVE-2024-39407, CVE-2024-39418, CVE-2024-39404, CVE-2024-39397, CVE-2024-39400, CVE-2024-39401, CVE-2024-39399, CVE-2024-39405, CVE-2024-39409, CVE-2024-39414, CVE-2024-39417, CVE-2024-39419, CVE-2024-39402, CVE-2024-39415, CVE-2024-39412, CVE-2024-39413