What is the severity of CVE-2024-34108?

CVE-2024-34108 is classified as a critical severity vulnerability that allows arbitrary code execution.

How do I fix CVE-2024-34108?

To fix CVE-2024-34108, upgrade your Adobe Commerce installation to versions 2.4.7 or later, or apply the latest patches available.

Which versions are affected by CVE-2024-34108?

CVE-2024-34108 affects Adobe Commerce versions 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, including version 2.3.7 and its patches.

Does CVE-2024-34108 require user interaction to exploit?

No, exploitation of CVE-2024-34108 does not require user interaction.

What type of vulnerability is CVE-2024-34108?

CVE-2024-34108 is an Improper Input Validation vulnerability.

Vulnerability/
CVE-2024-34108

critical

9.1

CWE

13/6/2024

7/8/2024

CVE-2024-34108: Large attack surface through legit webhook usage in Adobe Commerce

First published: Thu Jun 13 2024(Updated: )

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Magento Commerce	=2.3.7
Adobe Magento Commerce	=2.3.7-p1
Adobe Magento Commerce	=2.3.7-p2
Adobe Magento Commerce	=2.3.7-p3
Adobe Magento Commerce	=2.3.7-p4
Adobe Magento Commerce	=2.3.7-p4-ext1
Adobe Magento Commerce	=2.3.7-p4-ext2
Adobe Magento Commerce	=2.3.7-p4-ext3
Adobe Magento Commerce	=2.3.7-p4-ext4
Adobe Magento Commerce	=2.4.0
Adobe Magento Commerce	=2.4.0-ext-1
Adobe Magento Commerce	=2.4.0-ext-2
Adobe Magento Commerce	=2.4.0-ext-3
Adobe Magento Commerce	=2.4.0-ext-4
Adobe Magento Commerce	=2.4.1
Adobe Magento Commerce	=2.4.1-ext-1
Adobe Magento Commerce	=2.4.1-ext-2
Adobe Magento Commerce	=2.4.1-ext-3
Adobe Magento Commerce	=2.4.1-ext-4
Adobe Magento Commerce	=2.4.2
Adobe Magento Commerce	=2.4.2-ext-1
Adobe Magento Commerce	=2.4.2-ext-2
Adobe Magento Commerce	=2.4.2-ext-3
Adobe Magento Commerce	=2.4.2-ext-4
Adobe Magento Commerce	=2.4.3
Adobe Magento Commerce	=2.4.3-ext-1
Adobe Magento Commerce	=2.4.3-ext-2
Adobe Magento Commerce	=2.4.3-ext-3
Adobe Magento Commerce	=2.4.3-ext-4
Adobe Magento Commerce	=2.4.4
Adobe Magento Commerce	=2.4.4-p1
Adobe Magento Commerce	=2.4.4-p2
Adobe Magento Commerce	=2.4.4-p3
Adobe Magento Commerce	=2.4.4-p4
Adobe Magento Commerce	=2.4.4-p5
Adobe Magento Commerce	=2.4.4-p6
Adobe Magento Commerce	=2.4.5
Adobe Magento Commerce	=2.4.5-p1
Adobe Magento Commerce	=2.4.5-p2
Adobe Magento Commerce	=2.4.5-p3
Adobe Magento Commerce	=2.4.5-p4
Adobe Magento Commerce	=2.4.5-p5
Adobe Magento Commerce	=2.4.6
Adobe Magento Commerce	=2.4.6-p1
Adobe Magento Commerce	=2.4.6-p2
Adobe Magento Commerce	=2.4.6-p3
Adobe Commerce	>=1.2.0<=1.4.0
Magento	=2.4.4
Magento	=2.4.4-p1
Magento	=2.4.4-p2
Magento	=2.4.4-p3
Magento	=2.4.4-p4
Magento	=2.4.4-p5
Magento	=2.4.4-p6
Magento	=2.4.4-p7
Magento	=2.4.4-p8
Magento	=2.4.5
Magento	=2.4.5-p1
Magento	=2.4.5-p2
Magento	=2.4.5-p3
Magento	=2.4.5-p4
Magento	=2.4.5-p5
Magento	=2.4.5-p6
Magento	=2.4.5-p7
Magento	=2.4.6
Magento	=2.4.6-p1
Magento	=2.4.6-p2
Magento	=2.4.6-p3
Magento	=2.4.6-p4
Magento	=2.4.6-p5
Magento	=2.4.7-b1

Never miss a vulnerability like this again

Reference Links

https://helpx.adobe.com/security/products/magento/apsb24-40.html

Frequently Asked Questions

What is the severity of CVE-2024-34108?
CVE-2024-34108 is classified as a critical severity vulnerability that allows arbitrary code execution.
How do I fix CVE-2024-34108?
To fix CVE-2024-34108, upgrade your Adobe Commerce installation to versions 2.4.7 or later, or apply the latest patches available.
Which versions are affected by CVE-2024-34108?
CVE-2024-34108 affects Adobe Commerce versions 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier, including version 2.3.7 and its patches.
Does CVE-2024-34108 require user interaction to exploit?
No, exploitation of CVE-2024-34108 does not require user interaction.
What type of vulnerability is CVE-2024-34108?
CVE-2024-34108 is an Improper Input Validation vulnerability.

agent/weakness
agent/title
agent/references
agent/type
agent/first-publish-date
agent/author
agent/event
agent/severity
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/adobe
canonical/adobe magento commerce
version/adobe magento commerce/2.3.7
version/adobe magento commerce/2.3.7-p1
version/adobe magento commerce/2.3.7-p2
version/adobe magento commerce/2.3.7-p3
version/adobe magento commerce/2.3.7-p4
version/adobe magento commerce/2.3.7-p4-ext1
version/adobe magento commerce/2.3.7-p4-ext2
version/adobe magento commerce/2.3.7-p4-ext3
version/adobe magento commerce/2.3.7-p4-ext4
version/adobe magento commerce/2.4.0
version/adobe magento commerce/2.4.0-ext-1
version/adobe magento commerce/2.4.0-ext-2
version/adobe magento commerce/2.4.0-ext-3
version/adobe magento commerce/2.4.0-ext-4
version/adobe magento commerce/2.4.1
version/adobe magento commerce/2.4.1-ext-1
version/adobe magento commerce/2.4.1-ext-2
version/adobe magento commerce/2.4.1-ext-3
version/adobe magento commerce/2.4.1-ext-4
version/adobe magento commerce/2.4.2
version/adobe magento commerce/2.4.2-ext-1
version/adobe magento commerce/2.4.2-ext-2
version/adobe magento commerce/2.4.2-ext-3
version/adobe magento commerce/2.4.2-ext-4
version/adobe magento commerce/2.4.3
version/adobe magento commerce/2.4.3-ext-1
version/adobe magento commerce/2.4.3-ext-2
version/adobe magento commerce/2.4.3-ext-3
version/adobe magento commerce/2.4.3-ext-4
version/adobe magento commerce/2.4.4
version/adobe magento commerce/2.4.4-p1
version/adobe magento commerce/2.4.4-p2
version/adobe magento commerce/2.4.4-p3
version/adobe magento commerce/2.4.4-p4
version/adobe magento commerce/2.4.4-p5
version/adobe magento commerce/2.4.4-p6
version/adobe magento commerce/2.4.5
version/adobe magento commerce/2.4.5-p1
version/adobe magento commerce/2.4.5-p2
version/adobe magento commerce/2.4.5-p3
version/adobe magento commerce/2.4.5-p4
version/adobe magento commerce/2.4.5-p5
version/adobe magento commerce/2.4.6
version/adobe magento commerce/2.4.6-p1
version/adobe magento commerce/2.4.6-p2
version/adobe magento commerce/2.4.6-p3
canonical/adobe commerce
version/adobe commerce/1.2.0
version/adobe commerce/1.4.0
canonical/magento
version/magento/2.4.4
version/magento/2.4.4-p1
version/magento/2.4.4-p2
version/magento/2.4.4-p3
version/magento/2.4.4-p4
version/magento/2.4.4-p5
version/magento/2.4.4-p6
version/magento/2.4.4-p7
version/magento/2.4.4-p8
version/magento/2.4.5
version/magento/2.4.5-p1
version/magento/2.4.5-p2
version/magento/2.4.5-p3
version/magento/2.4.5-p4
version/magento/2.4.5-p5
version/magento/2.4.5-p6
version/magento/2.4.5-p7
version/magento/2.4.6
version/magento/2.4.6-p1
version/magento/2.4.6-p2
version/magento/2.4.6-p3
version/magento/2.4.6-p4
version/magento/2.4.6-p5
version/magento/2.4.7-b1