Adobe Commerce 2.4.2 ext-3
Approved changes feed: RSS · Atom
cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:*
part: a version: 2.4.2 update: ext-3
| Vendor | Adobe (fb293c1b-cab3-5565-9184-186e4ece530b) |
|---|---|
| Product | Commerce (86532610-8ce1-5faa-8e1c-d91f271a0546) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-45148 |
vulnerable | 2026-06-03 14:56:48.971343 |
Adobe Commerce | Improper Authentication (CWE-287)
HIGH (8.8)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:53.566Z
Updated: 2024-10-10T14:04:54.106Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45135 |
vulnerable | 2026-06-03 14:56:48.709150 |
Adobe Commerce | Improper Access Control (CWE-284)
LOW (2.7)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:57.455Z
Updated: 2024-10-10T14:00:45.112Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45134 |
vulnerable | 2026-06-03 14:56:48.703471 |
Adobe Commerce | Information Exposure (CWE-200)
LOW (2.7)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:52.772Z
Updated: 2024-10-10T14:05:32.033Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45133 |
vulnerable | 2026-06-03 14:56:48.699663 |
Adobe Commerce | Improper Access Control (CWE-284)
LOW (2.7)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:58:04.630Z
Updated: 2024-10-10T14:19:56.423Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45132 |
vulnerable | 2026-06-03 14:56:48.690359 |
Adobe Commerce | Incorrect Authorization (CWE-863)
MEDIUM (6.5)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:55.112Z
Updated: 2024-10-14T10:37:42.897Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45131 |
vulnerable | 2026-06-03 14:56:48.686278 |
Adobe Commerce | Incorrect Authorization (CWE-863)
MEDIUM (5.4)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:54.346Z
Updated: 2024-10-14T10:39:03.439Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45130 |
vulnerable | 2026-06-03 14:56:48.682093 |
Adobe Commerce | Improper Access Control (CWE-284)
MEDIUM (4.3)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:55.895Z
Updated: 2024-10-10T14:01:43.666Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45129 |
vulnerable | 2026-06-03 14:56:48.678263 |
Adobe Commerce | Improper Access Control (CWE-284)
MEDIUM (4.3)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:51.997Z
Updated: 2024-10-10T14:25:15.306Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45128 |
vulnerable | 2026-06-03 14:56:48.673548 |
Adobe Commerce | Incorrect Authorization (CWE-863)
MEDIUM (5.4)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:58:05.408Z
Updated: 2024-10-14T10:37:12.555Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45127 |
vulnerable | 2026-06-03 14:56:48.669889 |
Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
MEDIUM (4.8)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Published: 2024-10-10T09:58:06.189Z
Updated: 2024-10-10T13:56:06.715Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45125 |
vulnerable | 2026-06-03 14:56:48.664945 |
Adobe Commerce | Incorrect Authorization (CWE-863)
MEDIUM (4.3)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:49.672Z
Updated: 2024-10-10T14:06:40.500Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45124 |
vulnerable | 2026-06-03 14:56:48.660383 |
Adobe Commerce | Improper Access Control (CWE-284)
MEDIUM (5.3)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:58:03.845Z
Updated: 2024-10-10T13:55:37.675Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45123 |
vulnerable | 2026-06-03 14:56:48.655995 |
Adobe Commerce | Cross-site Scripting (Reflected XSS) (CWE-79)
MEDIUM (6.1)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Published: 2024-10-10T09:58:03.098Z
Updated: 2024-10-10T14:20:13.166Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45122 |
vulnerable | 2026-06-03 14:56:48.651929 |
Adobe Commerce | Improper Access Control (CWE-284)
MEDIUM (4.3)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:58.231Z
Updated: 2024-10-10T14:00:07.731Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45121 |
vulnerable | 2026-06-03 14:56:48.648048 |
Adobe Commerce | Improper Access Control (CWE-284)
MEDIUM (4.3)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:58:02.296Z
Updated: 2024-10-10T14:24:07.969Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45118 |
vulnerable | 2026-06-03 14:56:48.637930 |
Adobe Commerce | Improper Access Control (CWE-284)
MEDIUM (6.5)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:57:51.201Z
Updated: 2024-10-10T13:45:35.642Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45117 |
vulnerable | 2026-06-03 14:56:48.634378 |
Adobe Commerce | Improper Input Validation (CWE-20)
HIGH (7.6)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.
Published: 2024-10-10T09:58:00.638Z
Updated: 2024-10-10T14:24:40.824Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45116 |
vulnerable | 2026-06-03 14:56:48.630074 |
Adobe Commerce | Cross-site Scripting (XSS) (CWE-79)
HIGH (8.1)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.
Published: 2024-10-10T09:57:59.730Z
Updated: 2024-10-10T13:57:57.049Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45115 |
vulnerable | 2026-06-03 14:56:48.580421 |
Adobe Commerce | Improper Authentication (CWE-287)
CRITICAL (9.8)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.
Published: 2024-10-10T09:58:01.453Z
Updated: 2024-10-10T13:41:43.590Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34111 |
vulnerable | 2026-06-03 14:55:53.619830 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34110 |
vulnerable | 2026-06-03 14:55:53.616348 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34109 |
vulnerable | 2026-06-03 14:55:53.613519 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34108 |
vulnerable | 2026-06-03 14:55:53.611007 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34107 |
vulnerable | 2026-06-03 14:55:53.576981 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34106 |
vulnerable | 2026-06-03 14:55:53.574606 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34105 |
vulnerable | 2026-06-03 14:55:53.572034 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34104 |
vulnerable | 2026-06-03 14:55:53.570013 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34103 |
vulnerable | 2026-06-03 14:55:53.563123 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-34102 |
vulnerable | 2026-06-03 14:55:53.519022 |
XXE can expose crypt key and other secrets granting full admin access
CRITICAL (9.8)
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Published: 2024-06-13T09:04:56.093Z
Updated: 2025-10-21T22:56:22.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-20759 |
vulnerable | 2026-06-03 14:54:45.478752 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-20758 |
vulnerable | 2026-06-03 14:54:45.448604 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38251 |
vulnerable | 2026-06-03 14:52:30.722227 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38250 |
vulnerable | 2026-06-03 14:52:30.720148 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38249 |
vulnerable | 2026-06-03 14:52:30.718361 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38221 |
vulnerable | 2026-06-03 14:52:30.686461 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38220 |
vulnerable | 2026-06-03 14:52:30.684519 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38219 |
vulnerable | 2026-06-03 14:52:30.682822 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38218 |
vulnerable | 2026-06-03 14:52:30.667191 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-26367 |
vulnerable | 2026-06-03 14:50:59.523544 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-26366 |
vulnerable | 2026-06-03 14:50:59.493071 | db.gcve.eu returned HTTP 503. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.