- Bulletin ID: APSB24-73
- Published: October 08, 2024
- Priority: 2
- Severity: Critical
- CVE Count: 22
Affected Versions
- Adobe Commerce: 2.4.7-p2 and earlier, 2.4.6-p7 and earlier, 2.4.5-p9 and earlier, 2.4.4-p10 and earlier
- Adobe Commerce B2B: 1.4.2-p2 and earlier, 1.3.5-p7 and earlier, 1.3.4-p9 and earlier, 1.3.3-p10 and earlier
- Magento Open Source: 2.4.7-p2 and earlier, 2.4.6-p7 and earlier, 2.4.5-p9 and earlier, 2.4.4-p10 and earlier
Vulnerability Details
Total Vulnerabilities: 22
Severity Breakdown:
- Moderate: 10
- Important: 6
- Critical: 6
Key Vulnerabilities:
1. CVE-2024-45115
- Category: Improper Authentication (CWE-287)
- Impact: Privilege escalation
- Severity: Critical
- CVSS Score: 9.8
- Authentication Required: No
2. CVE-2024-45148
- Category: Improper Authentication (CWE-287)
- Impact: Security feature bypass
- Severity: Critical
- CVSS Score: 8.8
- Authentication Required: No
3. CVE-2024-45116
- Category: Cross-site Scripting (Stored XSS) (CWE-79)
- Impact: Arbitrary code execution
- Severity: Critical
- CVSS Score: 8.1
- Authentication Required: Yes
…and 19 more vulnerabilities
CVE Identifiers
CVE-2024-45148, CVE-2024-45134, CVE-2024-45125, CVE-2024-45120, CVE-2024-45130, CVE-2024-45128, CVE-2024-45123, CVE-2024-45127, CVE-2024-45115, CVE-2024-45124, CVE-2024-45132, CVE-2024-45118, CVE-2024-45116, CVE-2024-45117, CVE-2024-45122, CVE-2024-45129, CVE-2024-45121, CVE-2024-45119, CVE-2024-45131, CVE-2024-45149, CVE-2024-45135, CVE-2024-45133