CVE-2024-39401

Published Aug 14, 2024

Last updated 3 months ago

Overview

Description
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
Source
psirt@adobe.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
8.4
Impact score
6
Exploitability score
1.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@adobe.com
CWE-78

Social media

Hype score
Not currently trending

Configurations