CVE-2024-49521

HIGH

7.7

Descricao

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.

Detalhes CVE

Pontuacao CVSS v3.17.7

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado11/12/2024

Ultima modificacao11/18/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

adobe:commerceadobe:magento

Fraquezas (CWE)

CWE-918CWE-918

Referencias

https://helpx.adobe.com/security/products/magento/apsb24-90.html(psirt@adobe.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.