← Back to CVEs
CVE-2024-49521
HIGH7.7
Description
Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.
CVE Details
CVSS v3.1 Score7.7
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published11/12/2024
Last Modified11/18/2024
Sourcenvd
Honeypot Sightings0
Affected Products
adobe:commerceadobe:magento
Weaknesses (CWE)
CWE-918CWE-918
References
https://helpx.adobe.com/security/products/magento/apsb24-90.html(psirt@adobe.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.