Lucene search

[email protected]NVD:CVE-2024-20718

HistoryFeb 15, 2024 - 2:15 p.m.

CVE-2024-20718

2024-02-1514:15:45

CWE-352

[email protected]

web.nvd.nist.gov

adobe commerce

csrf

vulnerability

security bypass

unauthorized access

user interaction

exploitation

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.

Affected configurations

Nvd

Node

adobecommerceMatch2.4.4-

adobecommerceMatch2.4.4p1

adobecommerceMatch2.4.4p2

adobecommerceMatch2.4.4p3

adobecommerceMatch2.4.4p4

adobecommerceMatch2.4.4p5

adobecommerceMatch2.4.4p6

adobecommerceMatch2.4.5-

adobecommerceMatch2.4.5p1

adobecommerceMatch2.4.5p2

adobecommerceMatch2.4.5p3

adobecommerceMatch2.4.5p4

adobecommerceMatch2.4.5p5

adobecommerceMatch2.4.6-

adobecommerceMatch2.4.6p1

adobecommerceMatch2.4.6p2

adobecommerceMatch2.4.6p3

VendorProductVersionCPE
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
adobecommerce2.4.4cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*
adobecommerce2.4.5cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
adobecommerce2.4.5cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
adobecommerce2.4.5cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:-::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:p1::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:p2::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:p3::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:p4::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:p5::::::
adobe	commerce	2.4.4	cpe:2.3:a:adobe:commerce:2.4.4:p6::::::
adobe	commerce	2.4.5	cpe:2.3:a:adobe:commerce:2.4.5:-::::::
adobe	commerce	2.4.5	cpe:2.3:a:adobe:commerce:2.4.5:p1::::::
adobe	commerce	2.4.5	cpe:2.3:a:adobe:commerce:2.4.5:p2::::::