← Volver a CVEs
CVE-2024-34102
CRITICALCISA KEV9.8
Descripcion
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado6/13/2024
Ultima modificacion10/23/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorAdobe
ProductoCommerce and Magento Open Source
Nombre vulnerabilidadAdobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
Fecha inclusion KEV2024-07-17
Fecha limite remediacion2024-08-07
Uso en ransomwareUnknown
Productos afectados
adobe:commerceadobe:commerce_webhooksadobe:magento
Debilidades (CWE)
CWE-611
Referencias
https://helpx.adobe.com/security/products/magento/apsb24-40.html(psirt@adobe.com)
https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102(psirt@adobe.com)
https://helpx.adobe.com/security/products/magento/apsb24-40.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-34102(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.