APSB24-90 - APSB24-90: Security update available for Adobe Commerce Security Update

November 12, 2024

Bulletin Information

Bulletin ID: APSB24-90
Product: APSB24-90: Security update available for Adobe Commerce
Published: November 12, 2024
Priority: 3
Severity: Critical
CVE Count: 1

Affected Versions

Adobe Commerce and Magento Open Source powered by Commerce Services and deployed as SaaS (software as a service). (Commerce Services Connector): 3.2.5 and earlier

Vulnerability Details

Total Vulnerabilities: 1

Severity Breakdown:

Critical: 1

Key Vulnerabilities:

1. CVE-2024-49521

Category: Server-Side Request Forgery (SSRF) (CWE-918)
Impact: Arbitrary code execution
Severity: Critical
CVSS Score: 7.7
Authentication Required: Yes

CVE Identifiers

CVE-2024-49521

Read Full Bulletin on Adobe Security Portal →

All Bulletins Home