{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20758", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2023-12-04T16:52:22.978Z", "datePublished": "2024-04-10T11:49:04.024Z", "dateUpdated": "2024-08-01T21:59:42.892Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Adobe Commerce", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "2.4.7-beta3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-04-09T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 9.1, "environmentalSeverity": "CRITICAL", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "HIGH", "modifiedAttackVector": "NETWORK", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "NOT_DEFINED", "modifiedUserInteraction": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "CHANGED", "temporalScore": 9, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2024-04-10T11:49:04.024Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"}], "source": {"discovery": "EXTERNAL"}, "title": "[Adobe Cloud] RCE through frontend gift registry sharing"}, "adp": [{"affected": [{"vendor": "adobe", "product": "commerce", "cpes": ["cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.4.7-beta3", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "2.4.6-p4", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "2.4.5-p6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "2.4.4-p7", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "2.4.3-ext-6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "2.4.2-ext-6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "2.4.1-ext-6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "2.4.0-ext-6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThanOrEqual": "2.3.7-p4-ext-6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-11T04:01:06.376409Z", "id": "CVE-2024-20758", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-19T17:23:19.874Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.892Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.892Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20758", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-11T04:01:06.376409Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:adobe:commerce:-:*:*:*:*:*:*:*"], "vendor": "adobe", "product": "commerce", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.7-beta3"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.6-p4"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.5-p6"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.4-p7"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.3-ext-6"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.2-ext-6"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.1-ext-6"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.4.0-ext-6"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.3.7-p4-ext-6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-19T17:20:16.146Z"}}], "cna": {"title": "[Adobe Cloud] RCE through frontend gift registry sharing", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "modifiedScope": "NOT_DEFINED", "temporalScore": 9, "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "CRITICAL", "availabilityImpact": "HIGH", "environmentalScore": 9.1, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NETWORK", "confidentialityImpact": "HIGH", "environmentalSeverity": "CRITICAL", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "HIGH", "modifiedUserInteraction": "NONE", "modifiedAttackComplexity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Adobe Commerce", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.4.7-beta3"}], "defaultStatus": "affected"}], "datePublic": "2024-04-09T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2024-04-10T11:49:04.024Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20758", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:59:42.892Z", "dateReserved": "2023-12-04T16:52:22.978Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2024-04-10T11:49:04.024Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high."}, {"lang": "es", "value": "Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario, pero la complejidad del ataque es alta."}], "id": "CVE-2024-20758", "lastModified": "2024-04-10T13:23:38.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2024-04-10T12:15:08.567", "references": [{"source": "psirt@adobe.com", "url": "https://helpx.adobe.com/security/products/magento/apsb24-18.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}