Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.
History

Tue, 17 Sep 2024 11:15:00 +0000

Type Values Removed Values Added
Title A guest customer can associate other customer's shipping address to its guest cart which allows guest being able to view other customer's address Adobe Commerce | Improper Access Control (CWE-284)

Wed, 07 Aug 2024 13:00:00 +0000

Type Values Removed Values Added
Description Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-06-13T09:04:58.392Z

Updated: 2024-09-17T11:08:47.953Z

Reserved: 2024-04-30T19:50:50.902Z

Link: CVE-2024-34107

cve-icon Vulnrichment

Updated: 2024-08-02T02:43:00.359Z

cve-icon NVD

Status : Modified

Published: 2024-06-13T09:15:12.053

Modified: 2024-11-21T09:18:06.823

Link: CVE-2024-34107

cve-icon Redhat

No data.