Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.
Metrics
Affected Vendors & Products
References
History
Mon, 18 Nov 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe commerce Adobe magento |
|
CPEs | cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:* |
|
Vendors & Products |
Adobe
Adobe commerce Adobe magento |
Tue, 12 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 12 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction. | |
Title | Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-11-12T16:41:28.324Z
Updated: 2024-11-12T17:07:29.400Z
Reserved: 2024-10-15T15:35:47.029Z
Link: CVE-2024-49521
Vulnrichment
Updated: 2024-11-12T17:07:25.662Z
NVD
Status : Analyzed
Published: 2024-11-12T17:15:08.783
Modified: 2024-11-18T18:44:32.113
Link: CVE-2024-49521
Redhat
No data.