Vulnerabilities > CVE-2024-45119 - Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 76 |