CVE-2024-39410

Date: August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.

Language: PHP

Severity Score

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version:
magento/community-edition - 2.4.6-p7
magento/community-edition - dev-converted-magento-magento2-2.4.3
magento/community-edition - 2.4.4-p10
magento/community-edition - 2.4.5-p9
magento/community-edition - dev-2.4.2-regression
magento/community-edition - dev-2.4-addressing-discriminatory-language
magento/community-edition - dev-ihor-sviziev-patch-1
magento/community-edition - dev-lenaorobei-patch-2
magento/community-edition - dev-2.3.7-patch-33664
magento/community-edition - 2.4.7-p2
magento/community-edition - dev-2.4.3-patch-34184
magento/community-edition - 2.4.5-p10

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE
