ByteOS Network

Vulnerability Details :

CVE-2024-45130

Assigner-adobe

Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538

Published At-10 Oct, 2024 | 09:57

Updated At-10 Oct, 2024 | 14:01

Adobe Commerce | Improper Access Control (CWE-284)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:adobe

Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538

Published At:10 Oct, 2024 | 09:57

Updated At:10 Oct, 2024 | 14:01

▼CVE Numbering Authority (CNA)

Adobe Commerce | Improper Access Control (CWE-284)

Affected Products

Vendor

Adobe Inc.

Product

Adobe Commerce

Default Status

affected

Versions

Affected

From 0 through 2.4.4-p10 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-284	Improper Access Control (CWE-284)

Type: CWE

CWE ID: CWE-284

Description: Improper Access Control (CWE-284)

Metrics

Version	Base score	Base severity	Vector
3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Hyperlink	Resource
https://helpx.adobe.com/security/products/magento/apsb24-73.html	vendor-advisory

Hyperlink: https://helpx.adobe.com/security/products/magento/apsb24-73.html

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@adobe.com

Published At:10 Oct, 2024 | 10:15

Updated At:11 Oct, 2024 | 22:08

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Type: Primary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CPE Matches

Adobe Inc.

>>commerce>>-

cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.3.7

cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.0

cpe:2.3:a:adobe:commerce:2.4.0:*:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.0

cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.0

cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.0

cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.0

cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.0

cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.1

cpe:2.3:a:adobe:commerce:2.4.1:*:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.1

cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.1

cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.1

cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.1

cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.1

cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.2

cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.2

cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.2

cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.2

cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.2

cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.2

cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.2

cpe:2.3:a:adobe:commerce:2.4.2:p1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.2

cpe:2.3:a:adobe:commerce:2.4.2:p2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.3

cpe:2.3:a:adobe:commerce:2.4.3:*:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.3

cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.3

cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.3

cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.3

cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.3

cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.3

cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.3

cpe:2.3:a:adobe:commerce:2.4.3:p2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.4

cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*

Adobe Inc.

>>commerce>>2.4.5

cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-284	Secondary	psirt@adobe.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-284

Type: Secondary

Source: psirt@adobe.com

References

Hyperlink	Source	Resource
https://helpx.adobe.com/security/products/magento/apsb24-73.html	psirt@adobe.com	Vendor Advisory

Hyperlink: https://helpx.adobe.com/security/products/magento/apsb24-73.html

Source: psirt@adobe.com

Resource:

Vendor Advisory

Similar CVEs

203Records found

CVE-2024-43780

Matching Score-4

Assigner-Mattermost, Inc.

View Details

Matching Score-4

Assigner-Mattermost, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.13% / 33.64%

7 Day CHG~0.00%

Published-22 Aug, 2024 | 15:17

Updated-16 Oct, 2024 | 20:07

Unauthorized channel file upload

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.

Vendor-Mattermost, Inc.

Product-mattermost_server Mattermost

CWE ID-CWE-284

Improper Access Control

CVE-2021-24781

Matching Score-4

Assigner-WPScan

View Details

Matching Score-4

Assigner-WPScan

CVSS Score-4.3||MEDIUM

EPSS-0.14% / 34.73%

7 Day CHG~0.00%

Published-01 Nov, 2021 | 08:46

Updated-03 Aug, 2024 | 19:42

Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change

The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)

Vendor-imagesourcecontrol Unknown

Product-image_source_control Image Source Control

CWE ID-CWE-284

Improper Access Control

CVE-2024-3127

Matching Score-4

Assigner-GitLab Inc.

View Details

Matching Score-4

Assigner-GitLab Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.05% / 13.52%

7 Day CHG~0.00%

Published-22 Aug, 2024 | 15:31

Updated-13 Dec, 2024 | 16:11

Improper Access Control in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level.

Vendor-GitLab Inc.

Product-gitlab GitLab

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-863

Incorrect Authorization

CVE-2024-45130

Credits

Adobe Commerce | Improper Access Control (CWE-284)

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs