Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction..
2024-06-13T09:15:13.537
2024-11-21T09:18:07.443
Modified
CVSSv3.1: 6.5 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.3.7 | Yes |
Application | adobe | commerce | 2.4.0 | Yes |
Application | adobe | commerce | 2.4.0 | Yes |
Application | adobe | commerce | 2.4.0 | Yes |
Application | adobe | commerce | 2.4.0 | Yes |
Application | adobe | commerce | 2.4.0 | Yes |
Application | adobe | commerce | 2.4.1 | Yes |
Application | adobe | commerce | 2.4.1 | Yes |
Application | adobe | commerce | 2.4.1 | Yes |
Application | adobe | commerce | 2.4.1 | Yes |
Application | adobe | commerce | 2.4.1 | Yes |
Application | adobe | commerce | 2.4.2 | Yes |
Application | adobe | commerce | 2.4.2 | Yes |
Application | adobe | commerce | 2.4.2 | Yes |
Application | adobe | commerce | 2.4.2 | Yes |
Application | adobe | commerce | 2.4.2 | Yes |
Application | adobe | commerce | 2.4.3 | Yes |
Application | adobe | commerce | 2.4.3 | Yes |
Application | adobe | commerce | 2.4.3 | Yes |
Application | adobe | commerce | 2.4.3 | Yes |
Application | adobe | commerce | 2.4.3 | Yes |
Application | adobe | commerce | 2.4.4 | Yes |
Application | adobe | commerce | 2.4.4 | Yes |
Application | adobe | commerce | 2.4.4 | Yes |
Application | adobe | commerce | 2.4.4 | Yes |
Application | adobe | commerce | 2.4.4 | Yes |
Application | adobe | commerce | 2.4.4 | Yes |
Application | adobe | commerce | 2.4.4 | Yes |
Application | adobe | commerce | 2.4.5 | Yes |
Application | adobe | commerce | 2.4.5 | Yes |
Application | adobe | commerce | 2.4.5 | Yes |
Application | adobe | commerce | 2.4.5 | Yes |
Application | adobe | commerce | 2.4.5 | Yes |
Application | adobe | commerce | 2.4.5 | Yes |
Application | adobe | commerce | 2.4.6 | Yes |
Application | adobe | commerce | 2.4.6 | Yes |
Application | adobe | commerce | 2.4.6 | Yes |
Application | adobe | commerce | 2.4.6 | Yes |
Application | adobe | commerce_webhooks | ≤ 1.4.0 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.4 | Yes |
Application | adobe | magento | 2.4.5 | Yes |
Application | adobe | magento | 2.4.5 | Yes |
Application | adobe | magento | 2.4.5 | Yes |
Application | adobe | magento | 2.4.5 | Yes |
Application | adobe | magento | 2.4.5 | Yes |
Application | adobe | magento | 2.4.5 | Yes |
Application | adobe | magento | 2.4.5 | Yes |
Application | adobe | magento | 2.4.5 | Yes |
Application | adobe | magento | 2.4.6 | Yes |
Application | adobe | magento | 2.4.6 | Yes |
Application | adobe | magento | 2.4.6 | Yes |
Application | adobe | magento | 2.4.6 | Yes |
Application | adobe | magento | 2.4.6 | Yes |
Application | adobe | magento | 2.4.6 | Yes |
Application | adobe | magento | 2.4.7 | Yes |