What is the severity of CVE-2024-20716?

CVE-2024-20716 is classified as a high severity Uncontrolled Resource Consumption vulnerability.

How do I fix CVE-2024-20716?

To fix CVE-2024-20716, upgrade to the latest version of Adobe Commerce that addresses this vulnerability.

What type of attack does CVE-2024-20716 facilitate?

CVE-2024-20716 could potentially lead to an application denial-of-service.

Who can exploit CVE-2024-20716?

A high-privileged attacker could leverage CVE-2024-20716 to exhaust system resources.

Vulnerability/
CVE-2024-20716

medium

4.9

CWE

400

15/2/2024

1/8/2024

CVE-2024-20716: Force high-usage of resources by generating unlimited coupons: Adobe Commerce

First published: Thu Feb 15 2024(Updated: )

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Magento Commerce	=2.4.4
Adobe Magento Commerce	=2.4.4-p1
Adobe Magento Commerce	=2.4.4-p2
Adobe Magento Commerce	=2.4.4-p3
Adobe Magento Commerce	=2.4.4-p4
Adobe Magento Commerce	=2.4.4-p5
Adobe Magento Commerce	=2.4.4-p6
Adobe Magento Commerce	=2.4.5
Adobe Magento Commerce	=2.4.5-p1
Adobe Magento Commerce	=2.4.5-p2
Adobe Magento Commerce	=2.4.5-p3
Adobe Magento Commerce	=2.4.5-p4
Adobe Magento Commerce	=2.4.5-p5
Adobe Magento Commerce	=2.4.6
Adobe Magento Commerce	=2.4.6-p1
Adobe Magento Commerce	=2.4.6-p2
Adobe Magento Commerce	=2.4.6-p3

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/magento/apsb24-03.html

Frequently Asked Questions

What is the severity of CVE-2024-20716?
CVE-2024-20716 is classified as a high severity Uncontrolled Resource Consumption vulnerability.
How do I fix CVE-2024-20716?
To fix CVE-2024-20716, upgrade to the latest version of Adobe Commerce that addresses this vulnerability.
Which versions of Adobe Commerce are affected by CVE-2024-20716?
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by CVE-2024-20716.
What type of attack does CVE-2024-20716 facilitate?
CVE-2024-20716 could potentially lead to an application denial-of-service.
Who can exploit CVE-2024-20716?
A high-privileged attacker could leverage CVE-2024-20716 to exhaust system resources.

agent/weakness
agent/references
agent/title
agent/type
agent/first-publish-date
agent/description
agent/severity
agent/author
agent/event
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/adobe
canonical/adobe magento commerce
version/adobe magento commerce/2.4.4
version/adobe magento commerce/2.4.4-p1
version/adobe magento commerce/2.4.4-p2
version/adobe magento commerce/2.4.4-p3
version/adobe magento commerce/2.4.4-p4
version/adobe magento commerce/2.4.4-p5
version/adobe magento commerce/2.4.4-p6
version/adobe magento commerce/2.4.5
version/adobe magento commerce/2.4.5-p1
version/adobe magento commerce/2.4.5-p2
version/adobe magento commerce/2.4.5-p3
version/adobe magento commerce/2.4.5-p4
version/adobe magento commerce/2.4.5-p5
version/adobe magento commerce/2.4.6
version/adobe magento commerce/2.4.6-p1
version/adobe magento commerce/2.4.6-p2
version/adobe magento commerce/2.4.6-p3

Frequently Asked Questions

What is the severity of CVE-2024-20716?
CVE-2024-20716 is classified as a high severity Uncontrolled Resource Consumption vulnerability.
How do I fix CVE-2024-20716?
To fix CVE-2024-20716, upgrade to the latest version of Adobe Commerce that addresses this vulnerability.
Which versions of Adobe Commerce are affected by CVE-2024-20716?
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by CVE-2024-20716.
What type of attack does CVE-2024-20716 facilitate?
CVE-2024-20716 could potentially lead to an application denial-of-service.
Who can exploit CVE-2024-20716?
A high-privileged attacker could leverage CVE-2024-20716 to exhaust system resources.

CVE-2024-20716: Force high-usage of resources by generating unlimited coupons: Adobe Commerce

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-20716?

How do I fix CVE-2024-20716?

Which versions of Adobe Commerce are affected by CVE-2024-20716?

What type of attack does CVE-2024-20716 facilitate?

Who can exploit CVE-2024-20716?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-20716?

How do I fix CVE-2024-20716?

Which versions of Adobe Commerce are affected by CVE-2024-20716?

What type of attack does CVE-2024-20716 facilitate?

Who can exploit CVE-2024-20716?