Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | A user without Send Sales Emails permission can send sales email of order to the customers | Adobe Commerce | Improper Authorization (CWE-285) |
Wed, 14 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 14 Aug 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe commerce Adobe magento |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:* cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:* |
|
Vendors & Products |
Adobe
Adobe commerce Adobe magento |
Wed, 14 Aug 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. | |
Title | A user without Send Sales Emails permission can send sales email of order to the customers | |
Weaknesses | CWE-285 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-08-14T11:57:05.644Z
Updated: 2024-09-17T11:06:05.847Z
Reserved: 2024-06-24T20:32:06.592Z
Link: CVE-2024-39405
Vulnrichment
Updated: 2024-08-14T14:12:50.489Z
NVD
Status : Analyzed
Published: 2024-08-14T12:15:26.013
Modified: 2024-08-14T14:44:17.217
Link: CVE-2024-39405
Redhat
No data.