cpe:2.3:a:aimeos:ai-admin-graphql:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Aimeos (b4d165b0-ea44-5b6c-9214-9c2f903ffab7)
Product: Ai Admin Graphql (64b9789f-45e0-5227-a076-1e370a5e8835)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:composer/aimeos/ai-admin-graphql | purl2cpe | 2026-06-01 10:11:15.331104
pkg:github/aimeos/ai-admin-graphql | purl2cpe | 2026-06-01 10:11:15.331106

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-47173 vulnerable 2026-06-08 06:48:11.530815 Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups
MEDIUM (5.5)
Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.
Published: 2024-10-24T18:54:12.478Z
Updated: 2024-10-24T20:00:27.605Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-39324 vulnerable 2026-06-08 06:41:49.074911 aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
LOW (3.8)
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows editors to manage own services via GraphQL API, which isn't allowed in the JQAdm front end. Versions 2022.10.10, 2023.10.6, and 2024.4.2 contain a patch for the issue.
Published: 2024-07-02T20:09:22.872Z
Updated: 2024-08-02T04:19:20.752Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-39323 vulnerable 2026-06-08 06:41:49.074390 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
HIGH (7.1)
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.
Published: 2024-07-02T16:03:03.253Z
Updated: 2024-08-02T04:19:20.645Z
Imported from gcve-enriched-dumps CVE data
