CVE-2024-39401: Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
First published: Wed Aug 14 2024(Updated: )
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Magento Commerce | <=2.4.3 | |
| Adobe Magento Commerce | =2.4.4 | |
| Adobe Magento Commerce | =2.4.4-p1 | |
| Adobe Magento Commerce | =2.4.4-p2 | |
| Adobe Magento Commerce | =2.4.4-p3 | |
| Adobe Magento Commerce | =2.4.4-p4 | |
| Adobe Magento Commerce | =2.4.4-p5 | |
| Adobe Magento Commerce | =2.4.4-p6 | |
| Adobe Magento Commerce | =2.4.4-p7 | |
| Adobe Magento Commerce | =2.4.4-p8 | |
| Adobe Magento Commerce | =2.4.4-p9 | |
| Adobe Magento Commerce | =2.4.5 | |
| Adobe Magento Commerce | =2.4.5-p1 | |
| Adobe Magento Commerce | =2.4.5-p2 | |
| Adobe Magento Commerce | =2.4.5-p3 | |
| Adobe Magento Commerce | =2.4.5-p4 | |
| Adobe Magento Commerce | =2.4.5-p5 | |
| Adobe Magento Commerce | =2.4.5-p6 | |
| Adobe Magento Commerce | =2.4.5-p7 | |
| Adobe Magento Commerce | =2.4.5-p8 | |
| Adobe Magento Commerce | =2.4.6 | |
| Adobe Magento Commerce | =2.4.6-p1 | |
| Adobe Magento Commerce | =2.4.6-p2 | |
| Adobe Magento Commerce | =2.4.6-p3 | |
| Adobe Magento Commerce | =2.4.6-p4 | |
| Adobe Magento Commerce | =2.4.6-p5 | |
| Adobe Magento Commerce | =2.4.6-p6 | |
| Adobe Magento Commerce | =2.4.7 | |
| Adobe Magento Commerce | =2.4.7-b1 | |
| Adobe Magento Commerce | =2.4.7-b2 | |
| Adobe Magento Commerce | =2.4.7-p1 | |
| Magento | <=2.4.3 | |
| Magento | =2.4.4 | |
| Magento | =2.4.4-p1 | |
| Magento | =2.4.4-p2 | |
| Magento | =2.4.4-p3 | |
| Magento | =2.4.4-p4 | |
| Magento | =2.4.4-p5 | |
| Magento | =2.4.4-p6 | |
| Magento | =2.4.4-p7 | |
| Magento | =2.4.4-p8 | |
| Magento | =2.4.4-p9 | |
| Magento | =2.4.5 | |
| Magento | =2.4.5-p1 | |
| Magento | =2.4.5-p2 | |
| Magento | =2.4.5-p3 | |
| Magento | =2.4.5-p4 | |
| Magento | =2.4.5-p5 | |
| Magento | =2.4.5-p6 | |
| Magento | =2.4.5-p7 | |
| Magento | =2.4.5-p8 | |
| Magento | =2.4.6 | |
| Magento | =2.4.6-p1 | |
| Magento | =2.4.6-p2 | |
| Magento | =2.4.6-p3 | |
| Magento | =2.4.6-p4 | |
| Magento | =2.4.6-p5 | |
| Magento | =2.4.6-p6 | |
| Magento | =2.4.7 | |
| Magento | =2.4.7-b1 | |
| Magento | =2.4.7-b2 | |
| Magento | =2.4.7-p1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39401?
CVE-2024-39401 is classified as a critical severity vulnerability due to the potential for arbitrary code execution by an admin attacker.
How do I fix CVE-2024-39401?
To fix CVE-2024-39401, update Adobe Commerce to at least version 2.4.8 or apply the appropriate security patches provided by Adobe.
Which versions are affected by CVE-2024-39401?
CVE-2024-39401 affects Adobe Commerce versions 2.4.7-p1 and earlier, including versions 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9.
What type of vulnerability is CVE-2024-39401?
CVE-2024-39401 is an OS Command Injection vulnerability that allows an attacker to execute arbitrary code.
Who can exploit CVE-2024-39401?
CVE-2024-39401 can be exploited by admin-level attackers who have access to the affected systems.
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe magento commerce
- version/adobe magento commerce/2.4.3
- version/adobe magento commerce/2.4.4
- version/adobe magento commerce/2.4.4-p1
- version/adobe magento commerce/2.4.4-p2
- version/adobe magento commerce/2.4.4-p3
- version/adobe magento commerce/2.4.4-p4
- version/adobe magento commerce/2.4.4-p5
- version/adobe magento commerce/2.4.4-p6
- version/adobe magento commerce/2.4.4-p7
- version/adobe magento commerce/2.4.4-p8
- version/adobe magento commerce/2.4.4-p9
- version/adobe magento commerce/2.4.5
- version/adobe magento commerce/2.4.5-p1
- version/adobe magento commerce/2.4.5-p2
- version/adobe magento commerce/2.4.5-p3
- version/adobe magento commerce/2.4.5-p4
- version/adobe magento commerce/2.4.5-p5
- version/adobe magento commerce/2.4.5-p6
- version/adobe magento commerce/2.4.5-p7
- version/adobe magento commerce/2.4.5-p8
- version/adobe magento commerce/2.4.6
- version/adobe magento commerce/2.4.6-p1
- version/adobe magento commerce/2.4.6-p2
- version/adobe magento commerce/2.4.6-p3
- version/adobe magento commerce/2.4.6-p4
- version/adobe magento commerce/2.4.6-p5
- version/adobe magento commerce/2.4.6-p6
- version/adobe magento commerce/2.4.7
- version/adobe magento commerce/2.4.7-b1
- version/adobe magento commerce/2.4.7-b2
- version/adobe magento commerce/2.4.7-p1
- canonical/magento
- version/magento/2.4.3
- version/magento/2.4.4
- version/magento/2.4.4-p1
- version/magento/2.4.4-p2
- version/magento/2.4.4-p3
- version/magento/2.4.4-p4
- version/magento/2.4.4-p5
- version/magento/2.4.4-p6
- version/magento/2.4.4-p7
- version/magento/2.4.4-p8
- version/magento/2.4.4-p9
- version/magento/2.4.5
- version/magento/2.4.5-p1
- version/magento/2.4.5-p2
- version/magento/2.4.5-p3
- version/magento/2.4.5-p4
- version/magento/2.4.5-p5
- version/magento/2.4.5-p6
- version/magento/2.4.5-p7
- version/magento/2.4.5-p8
- version/magento/2.4.6
- version/magento/2.4.6-p1
- version/magento/2.4.6-p2
- version/magento/2.4.6-p3
- version/magento/2.4.6-p4
- version/magento/2.4.6-p5
- version/magento/2.4.6-p6
- version/magento/2.4.7
- version/magento/2.4.7-b1
- version/magento/2.4.7-b2
- version/magento/2.4.7-p1