What is the severity of CVE-2024-45128?

CVE-2024-45128 has been classified as a low severity vulnerability.

How does CVE-2024-45128 allow an attacker to exploit Adobe Commerce?

CVE-2024-45128 allows a low-privileged attacker to bypass security measures resulting in a security feature bypass.

How can I fix CVE-2024-45128 in my Adobe Commerce installation?

To fix CVE-2024-45128, upgrade to Adobe Commerce version 2.4.4-p11, 2.4.5-p10, 2.4.6-p8, or 2.4.7-p3.

Is there a workaround for CVE-2024-45128?

Currently, no specific workaround is provided for CVE-2024-45128 apart from upgrading the affected versions.

Vulnerability/
CVE-2024-45128

medium

5.4

CWE

285 863

10/10/2024

14/10/2024

CVE-2024-45128: Adobe Commerce | Incorrect Authorization (CWE-863)

Q: Which versions of Adobe Commerce are affected by CVE-2024-45128?

CVE-2024-45128 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10, and earlier versions.

First published: Thu Oct 10 2024(Updated: )

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction.

Credit: psirt@adobe.com psirt@adobe.com

Affected Software	Affected Version	How to fix
composer/magento/community-edition	=2.4.4
composer/magento/community-edition	=2.4.5
composer/magento/community-edition	=2.4.6
composer/magento/community-edition	=2.4.7
composer/magento/community-edition	<2.4.4-p11	2.4.4-p11
composer/magento/community-edition	>=2.4.5-p1<2.4.5-p10	2.4.5-p10
composer/magento/community-edition	>=2.4.6-p1<2.4.6-p8	2.4.6-p8
composer/magento/community-edition	>=2.4.7-beta1<2.4.7-p3	2.4.7-p3
Adobe Magento Commerce
Adobe Magento Commerce	=2.3.7
Adobe Magento Commerce	=2.3.7-p1
Adobe Magento Commerce	=2.3.7-p2
Adobe Magento Commerce	=2.3.7-p3
Adobe Magento Commerce	=2.3.7-p4
Adobe Magento Commerce	=2.3.7-p4-ext1
Adobe Magento Commerce	=2.3.7-p4-ext2
Adobe Magento Commerce	=2.3.7-p4-ext3
Adobe Magento Commerce	=2.3.7-p4-ext4
Adobe Magento Commerce	=2.4.0
Adobe Magento Commerce	=2.4.0
Adobe Magento Commerce	=2.4.0-ext-1
Adobe Magento Commerce	=2.4.0-ext-2
Adobe Magento Commerce	=2.4.0-ext-3
Adobe Magento Commerce	=2.4.0-ext-4
Adobe Magento Commerce	=2.4.1
Adobe Magento Commerce	=2.4.1
Adobe Magento Commerce	=2.4.1-ext-1
Adobe Magento Commerce	=2.4.1-ext-2
Adobe Magento Commerce	=2.4.1-ext-3
Adobe Magento Commerce	=2.4.1-ext-4
Adobe Magento Commerce	=2.4.2
Adobe Magento Commerce	=2.4.2
Adobe Magento Commerce	=2.4.2-ext-1
Adobe Magento Commerce	=2.4.2-ext-2
Adobe Magento Commerce	=2.4.2-ext-3
Adobe Magento Commerce	=2.4.2-ext-4
Adobe Magento Commerce	=2.4.2-p1
Adobe Magento Commerce	=2.4.2-p2
Adobe Magento Commerce	=2.4.3
Adobe Magento Commerce	=2.4.3
Adobe Magento Commerce	=2.4.3-ext-1
Adobe Magento Commerce	=2.4.3-ext-2
Adobe Magento Commerce	=2.4.3-ext-3
Adobe Magento Commerce	=2.4.3-ext-4
Adobe Magento Commerce	=2.4.3-p1
Adobe Magento Commerce	=2.4.3-p2
Adobe Magento Commerce	=2.4.4
Adobe Magento Commerce	=2.4.4-p1
Adobe Magento Commerce	=2.4.4-p10
Adobe Magento Commerce	=2.4.4-p2
Adobe Magento Commerce	=2.4.4-p3
Adobe Magento Commerce	=2.4.4-p4
Adobe Magento Commerce	=2.4.4-p5
Adobe Magento Commerce	=2.4.4-p6
Adobe Magento Commerce	=2.4.4-p7
Adobe Magento Commerce	=2.4.4-p8
Adobe Magento Commerce	=2.4.4-p9
Adobe Magento Commerce	=2.4.5
Adobe Magento Commerce	=2.4.5-p1
Adobe Magento Commerce	=2.4.5-p2
Adobe Magento Commerce	=2.4.5-p3
Adobe Magento Commerce	=2.4.5-p4
Adobe Magento Commerce	=2.4.5-p5
Adobe Magento Commerce	=2.4.5-p6
Adobe Magento Commerce	=2.4.5-p7
Adobe Magento Commerce	=2.4.5-p8
Adobe Magento Commerce	=2.4.5-p9
Adobe Magento Commerce	=2.4.6
Adobe Magento Commerce	=2.4.6-p1
Adobe Magento Commerce	=2.4.6-p2
Adobe Magento Commerce	=2.4.6-p3
Adobe Magento Commerce	=2.4.6-p4
Adobe Magento Commerce	=2.4.6-p5
Adobe Magento Commerce	=2.4.6-p6
Adobe Magento Commerce	=2.4.6-p7
Adobe Magento Commerce	=2.4.7
Adobe Magento Commerce	=2.4.7-b1
Adobe Magento Commerce	=2.4.7-b2
Adobe Magento Commerce	=2.4.7-p1
Adobe Magento Commerce	=2.4.7-p2
Adobe Commerce	=1.3.3
Adobe Commerce	=1.3.3-p10
Adobe Commerce	=1.3.4
Adobe Commerce	=1.3.4-p9
Adobe Commerce	=1.3.5
Adobe Commerce	=1.3.5-p7
Adobe Commerce	=1.4.2
Adobe Commerce	=1.4.2-p1
Adobe Commerce	=1.4.2-p2
Adobe Magento Commerce
Adobe Magento Commerce	=2.4.3
Adobe Magento Commerce	=2.4.4
Adobe Magento Commerce	=2.4.4-p1
Adobe Magento Commerce	=2.4.4-p10
Adobe Magento Commerce	=2.4.4-p2
Adobe Magento Commerce	=2.4.4-p3
Adobe Magento Commerce	=2.4.4-p4
Adobe Magento Commerce	=2.4.4-p5
Adobe Magento Commerce	=2.4.4-p6
Adobe Magento Commerce	=2.4.4-p7
Adobe Magento Commerce	=2.4.4-p8
Adobe Magento Commerce	=2.4.4-p9
Adobe Magento Commerce	=2.4.5
Adobe Magento Commerce	=2.4.5-p1
Adobe Magento Commerce	=2.4.5-p2
Adobe Magento Commerce	=2.4.5-p3
Adobe Magento Commerce	=2.4.5-p4
Adobe Magento Commerce	=2.4.5-p5
Adobe Magento Commerce	=2.4.5-p6
Adobe Magento Commerce	=2.4.5-p7
Adobe Magento Commerce	=2.4.5-p8
Adobe Magento Commerce	=2.4.5-p9
Adobe Magento Commerce	=2.4.6
Adobe Magento Commerce	=2.4.6-p1
Adobe Magento Commerce	=2.4.6-p2
Adobe Magento Commerce	=2.4.6-p3
Adobe Magento Commerce	=2.4.6-p4
Adobe Magento Commerce	=2.4.6-p5
Adobe Magento Commerce	=2.4.6-p6
Adobe Magento Commerce	=2.4.6-p7
Adobe Magento Commerce	=2.4.7
Adobe Magento Commerce	=2.4.7-b1
Adobe Magento Commerce	=2.4.7-p1
Adobe Magento Commerce	=2.4.7-p2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45128?
CVE-2024-45128 has been classified as a low severity vulnerability.
How does CVE-2024-45128 allow an attacker to exploit Adobe Commerce?
CVE-2024-45128 allows a low-privileged attacker to bypass security measures resulting in a security feature bypass.
Which versions of Adobe Commerce are affected by CVE-2024-45128?
CVE-2024-45128 affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10, and earlier versions.
How can I fix CVE-2024-45128 in my Adobe Commerce installation?
To fix CVE-2024-45128, upgrade to Adobe Commerce version 2.4.4-p11, 2.4.5-p10, 2.4.6-p8, or 2.4.7-p3.
Is there a workaround for CVE-2024-45128?
Currently, no specific workaround is provided for CVE-2024-45128 apart from upgrading the affected versions.

agent/first-publish-date
agent/type
agent/severity
agent/references
agent/description
agent/author
agent/weakness
collector/github-advisory-latest
source/GitHub
alias/GHSA-qpp7-742q-58j3
alias/CVE-2024-45128
agent/software-canonical-lookup
agent/last-modified-date
agent/event
collector/mitre-cve
source/MITRE
agent/title
collector/github-advisory
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
package-manager/composer
vendor/adobe
canonical/adobe magento commerce
version/adobe magento commerce/2.3.7
version/adobe magento commerce/2.3.7-p1
version/adobe magento commerce/2.3.7-p2
version/adobe magento commerce/2.3.7-p3
version/adobe magento commerce/2.3.7-p4
version/adobe magento commerce/2.3.7-p4-ext1
version/adobe magento commerce/2.3.7-p4-ext2
version/adobe magento commerce/2.3.7-p4-ext3
version/adobe magento commerce/2.3.7-p4-ext4
version/adobe magento commerce/2.4.0
version/adobe magento commerce/2.4.0-ext-1
version/adobe magento commerce/2.4.0-ext-2
version/adobe magento commerce/2.4.0-ext-3
version/adobe magento commerce/2.4.0-ext-4
version/adobe magento commerce/2.4.1
version/adobe magento commerce/2.4.1-ext-1
version/adobe magento commerce/2.4.1-ext-2
version/adobe magento commerce/2.4.1-ext-3
version/adobe magento commerce/2.4.1-ext-4
version/adobe magento commerce/2.4.2
version/adobe magento commerce/2.4.2-ext-1
version/adobe magento commerce/2.4.2-ext-2
version/adobe magento commerce/2.4.2-ext-3
version/adobe magento commerce/2.4.2-ext-4
version/adobe magento commerce/2.4.2-p1
version/adobe magento commerce/2.4.2-p2
version/adobe magento commerce/2.4.3
version/adobe magento commerce/2.4.3-ext-1
version/adobe magento commerce/2.4.3-ext-2
version/adobe magento commerce/2.4.3-ext-3
version/adobe magento commerce/2.4.3-ext-4
version/adobe magento commerce/2.4.3-p1
version/adobe magento commerce/2.4.3-p2
version/adobe magento commerce/2.4.4
version/adobe magento commerce/2.4.4-p1
version/adobe magento commerce/2.4.4-p10
version/adobe magento commerce/2.4.4-p2
version/adobe magento commerce/2.4.4-p3
version/adobe magento commerce/2.4.4-p4
version/adobe magento commerce/2.4.4-p5
version/adobe magento commerce/2.4.4-p6
version/adobe magento commerce/2.4.4-p7
version/adobe magento commerce/2.4.4-p8
version/adobe magento commerce/2.4.4-p9
version/adobe magento commerce/2.4.5
version/adobe magento commerce/2.4.5-p1
version/adobe magento commerce/2.4.5-p2
version/adobe magento commerce/2.4.5-p3
version/adobe magento commerce/2.4.5-p4
version/adobe magento commerce/2.4.5-p5
version/adobe magento commerce/2.4.5-p6
version/adobe magento commerce/2.4.5-p7
version/adobe magento commerce/2.4.5-p8
version/adobe magento commerce/2.4.5-p9
version/adobe magento commerce/2.4.6
version/adobe magento commerce/2.4.6-p1
version/adobe magento commerce/2.4.6-p2
version/adobe magento commerce/2.4.6-p3
version/adobe magento commerce/2.4.6-p4
version/adobe magento commerce/2.4.6-p5
version/adobe magento commerce/2.4.6-p6
version/adobe magento commerce/2.4.6-p7
version/adobe magento commerce/2.4.7
version/adobe magento commerce/2.4.7-b1
version/adobe magento commerce/2.4.7-b2
version/adobe magento commerce/2.4.7-p1
version/adobe magento commerce/2.4.7-p2
canonical/adobe commerce
version/adobe commerce/1.3.3
version/adobe commerce/1.3.3-p10
version/adobe commerce/1.3.4
version/adobe commerce/1.3.4-p9
version/adobe commerce/1.3.5
version/adobe commerce/1.3.5-p7
version/adobe commerce/1.4.2
version/adobe commerce/1.4.2-p1
version/adobe commerce/1.4.2-p2

CVE-2024-45128: Adobe Commerce | Incorrect Authorization (CWE-863)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45128?

How does CVE-2024-45128 allow an attacker to exploit Adobe Commerce?

Which versions of Adobe Commerce are affected by CVE-2024-45128?

How can I fix CVE-2024-45128 in my Adobe Commerce installation?

Is there a workaround for CVE-2024-45128?

Company

Resources

Contact