What is the severity of CVE-2024-45119?

CVE-2024-45119 has a high severity rating due to the potential for arbitrary file system read through SSRF exploitation.

How do I fix CVE-2024-45119?

To remediate CVE-2024-45119, upgrade to Adobe Commerce versions 2.4.4-p11, 2.4.5-p10, 2.4.6-p8, or 2.4.7-p3.

Who is affected by CVE-2024-45119?

CVE-2024-45119 affects Adobe Commerce versions 2.4.4-p10 and earlier, along with 2.4.5-p9, 2.4.6-p7, and 2.4.7-p2.

Is authentication required to exploit CVE-2024-45119?

Yes, an attacker must have admin privileges to exploit CVE-2024-45119.

What type of vulnerability is CVE-2024-45119?

CVE-2024-45119 is classified as a Server-Side Request Forgery (SSRF) vulnerability.

Vulnerability/
CVE-2024-45119

medium

4.9

CWE

918

10/10/2024

12/12/2024

CVE-2024-45119: Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

First published: Thu Oct 10 2024(Updated: )

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

Credit: psirt@adobe.com psirt@adobe.com

Affected Software	Affected Version	How to fix
composer/magento/community-edition	=2.4.4
composer/magento/community-edition	=2.4.5
composer/magento/community-edition	=2.4.6
composer/magento/community-edition	=2.4.7
composer/magento/community-edition	<2.4.4-p11	2.4.4-p11
composer/magento/community-edition	>=2.4.5-p1<2.4.5-p10	2.4.5-p10
composer/magento/community-edition	>=2.4.6-p1<2.4.6-p8	2.4.6-p8
composer/magento/community-edition	>=2.4.7-beta1<2.4.7-p3	2.4.7-p3
Adobe Magento Commerce	=2.4.4
Adobe Magento Commerce	=2.4.4-p1
Adobe Magento Commerce	=2.4.4-p10
Adobe Magento Commerce	=2.4.4-p2
Adobe Magento Commerce	=2.4.4-p3
Adobe Magento Commerce	=2.4.4-p4
Adobe Magento Commerce	=2.4.4-p5
Adobe Magento Commerce	=2.4.4-p6
Adobe Magento Commerce	=2.4.4-p7
Adobe Magento Commerce	=2.4.4-p8
Adobe Magento Commerce	=2.4.4-p9
Adobe Magento Commerce	=2.4.5
Adobe Magento Commerce	=2.4.5-p1
Adobe Magento Commerce	=2.4.5-p2
Adobe Magento Commerce	=2.4.5-p3
Adobe Magento Commerce	=2.4.5-p4
Adobe Magento Commerce	=2.4.5-p5
Adobe Magento Commerce	=2.4.5-p6
Adobe Magento Commerce	=2.4.5-p7
Adobe Magento Commerce	=2.4.5-p8
Adobe Magento Commerce	=2.4.5-p9
Adobe Magento Commerce	=2.4.6
Adobe Magento Commerce	=2.4.6-p1
Adobe Magento Commerce	=2.4.6-p2
Adobe Magento Commerce	=2.4.6-p3
Adobe Magento Commerce	=2.4.6-p4
Adobe Magento Commerce	=2.4.6-p5
Adobe Magento Commerce	=2.4.6-p6
Adobe Magento Commerce	=2.4.6-p7
Adobe Magento Commerce	=2.4.7
Adobe Magento Commerce	=2.4.7-b1
Adobe Magento Commerce	=2.4.7-b2
Adobe Magento Commerce	=2.4.7-p1
Adobe Magento Commerce	=2.4.7-p2
Adobe Commerce	=1.3.3
Adobe Commerce	=1.3.3-p10
Adobe Commerce	=1.3.4
Adobe Commerce	=1.3.4-p9
Adobe Commerce	=1.3.5
Adobe Commerce	=1.3.5-p7
Adobe Commerce	=1.4.2
Adobe Commerce	=1.4.2-p1
Adobe Commerce	=1.4.2-p2
Magento	=2.4.4
Magento	=2.4.4-p1
Magento	=2.4.4-p10
Magento	=2.4.4-p2
Magento	=2.4.4-p3
Magento	=2.4.4-p4
Magento	=2.4.4-p5
Magento	=2.4.4-p6
Magento	=2.4.4-p7
Magento	=2.4.4-p8
Magento	=2.4.4-p9
Magento	=2.4.5
Magento	=2.4.5-p1
Magento	=2.4.5-p2
Magento	=2.4.5-p3
Magento	=2.4.5-p4
Magento	=2.4.5-p5
Magento	=2.4.5-p6
Magento	=2.4.5-p7
Magento	=2.4.5-p8
Magento	=2.4.5-p9
Magento	=2.4.6
Magento	=2.4.6-p1
Magento	=2.4.6-p2
Magento	=2.4.6-p3
Magento	=2.4.6-p4
Magento	=2.4.6-p5
Magento	=2.4.6-p6
Magento	=2.4.6-p7
Magento	=2.4.7
Magento	=2.4.7-b1
Magento	=2.4.7-p1
Magento	=2.4.7-p2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45119?
CVE-2024-45119 has a high severity rating due to the potential for arbitrary file system read through SSRF exploitation.
How do I fix CVE-2024-45119?
To remediate CVE-2024-45119, upgrade to Adobe Commerce versions 2.4.4-p11, 2.4.5-p10, 2.4.6-p8, or 2.4.7-p3.
Who is affected by CVE-2024-45119?
CVE-2024-45119 affects Adobe Commerce versions 2.4.4-p10 and earlier, along with 2.4.5-p9, 2.4.6-p7, and 2.4.7-p2.
Is authentication required to exploit CVE-2024-45119?
Yes, an attacker must have admin privileges to exploit CVE-2024-45119.
What type of vulnerability is CVE-2024-45119?
CVE-2024-45119 is classified as a Server-Side Request Forgery (SSRF) vulnerability.

agent/weakness
agent/title
agent/first-publish-date
agent/type
agent/references
agent/event
agent/author
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
source/GitHub
alias/GHSA-g9fm-wc6h-pvgj
alias/CVE-2024-45119
agent/software-canonical-lookup
agent/last-modified-date
agent/trending
collector/github-advisory
agent/severity
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/composer
vendor/adobe
canonical/adobe magento commerce
version/adobe magento commerce/2.4.4
version/adobe magento commerce/2.4.4-p1
version/adobe magento commerce/2.4.4-p10
version/adobe magento commerce/2.4.4-p2
version/adobe magento commerce/2.4.4-p3
version/adobe magento commerce/2.4.4-p4
version/adobe magento commerce/2.4.4-p5
version/adobe magento commerce/2.4.4-p6
version/adobe magento commerce/2.4.4-p7
version/adobe magento commerce/2.4.4-p8
version/adobe magento commerce/2.4.4-p9
version/adobe magento commerce/2.4.5
version/adobe magento commerce/2.4.5-p1
version/adobe magento commerce/2.4.5-p2
version/adobe magento commerce/2.4.5-p3
version/adobe magento commerce/2.4.5-p4
version/adobe magento commerce/2.4.5-p5
version/adobe magento commerce/2.4.5-p6
version/adobe magento commerce/2.4.5-p7
version/adobe magento commerce/2.4.5-p8
version/adobe magento commerce/2.4.5-p9
version/adobe magento commerce/2.4.6
version/adobe magento commerce/2.4.6-p1
version/adobe magento commerce/2.4.6-p2
version/adobe magento commerce/2.4.6-p3
version/adobe magento commerce/2.4.6-p4
version/adobe magento commerce/2.4.6-p5
version/adobe magento commerce/2.4.6-p6
version/adobe magento commerce/2.4.6-p7
version/adobe magento commerce/2.4.7
version/adobe magento commerce/2.4.7-b1
version/adobe magento commerce/2.4.7-b2
version/adobe magento commerce/2.4.7-p1
version/adobe magento commerce/2.4.7-p2
canonical/adobe commerce
version/adobe commerce/1.3.3
version/adobe commerce/1.3.3-p10
version/adobe commerce/1.3.4
version/adobe commerce/1.3.4-p9
version/adobe commerce/1.3.5
version/adobe commerce/1.3.5-p7
version/adobe commerce/1.4.2
version/adobe commerce/1.4.2-p1
version/adobe commerce/1.4.2-p2
canonical/magento
version/magento/2.4.4
version/magento/2.4.4-p1
version/magento/2.4.4-p10
version/magento/2.4.4-p2
version/magento/2.4.4-p3
version/magento/2.4.4-p4
version/magento/2.4.4-p5
version/magento/2.4.4-p6
version/magento/2.4.4-p7
version/magento/2.4.4-p8
version/magento/2.4.4-p9
version/magento/2.4.5
version/magento/2.4.5-p1
version/magento/2.4.5-p2
version/magento/2.4.5-p3
version/magento/2.4.5-p4
version/magento/2.4.5-p5
version/magento/2.4.5-p6
version/magento/2.4.5-p7
version/magento/2.4.5-p8
version/magento/2.4.5-p9
version/magento/2.4.6
version/magento/2.4.6-p1
version/magento/2.4.6-p2
version/magento/2.4.6-p3
version/magento/2.4.6-p4
version/magento/2.4.6-p5
version/magento/2.4.6-p6
version/magento/2.4.6-p7
version/magento/2.4.7
version/magento/2.4.7-b1
version/magento/2.4.7-p1
version/magento/2.4.7-p2