Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.
History

Mon, 18 Nov 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe commerce
Adobe magento
CPEs cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*
Vendors & Products Adobe
Adobe commerce
Adobe magento

Tue, 12 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 16:45:00 +0000

Type Values Removed Values Added
Description Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.
Title Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-11-12T16:41:28.324Z

Updated: 2024-11-12T17:07:29.400Z

Reserved: 2024-10-15T15:35:47.029Z

Link: CVE-2024-49521

cve-icon Vulnrichment

Updated: 2024-11-12T17:07:25.662Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-12T17:15:08.783

Modified: 2024-11-18T18:44:32.113

Link: CVE-2024-49521

cve-icon Redhat

No data.