Latest medium severity vulnerabilities for "adobe magento commerce" 2.4.0

Adobe Magento CommerceAdobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

medium

4.3

First published (updated )

CVE-2024-45120

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

medium

6.5

First published (updated )

CVE-2024-45132

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

medium

5.4

First published (updated )

CVE-2024-45131

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

medium

5.4

First published (updated )

CVE-2024-45128

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

medium

4.3

First published (updated )

CVE-2024-45129

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

medium

4.3

First published (updated )

CVE-2024-45130

Adobe Magento CommerceAdobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

medium

4.8

First published (updated )

CVE-2024-45127

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

medium

4.3

First published (updated )

CVE-2024-45125

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

medium

5.3

First published (updated )

CVE-2024-45124

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

medium

4.3

First published (updated )

CVE-2024-45121

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

medium

6.5

First published (updated )

CVE-2024-45118

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

medium

4.3

First published (updated )

CVE-2024-45122

Adobe Magento CommerceAdobe Commerce | Cross-site Scripting (Reflected XSS) (CWE-79)

medium

6.1

First published (updated )

CVE-2024-45123

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

medium

4.3

First published (updated )

CVE-2023-29288

Adobe Magento CommerceAdobe Commerce | Uncontrolled Resource Consumption (CWE-400)

medium

5.3

First published (updated )

CVE-2023-38251

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Adobe Magento CommerceAdobe Commerce Improper Access Control Security feature bypass

medium

5.3

First published (updated )

CVE-2022-34259

Adobe Magento CommerceAdobe Commerce Stored XSS Arbitrary code execution

medium

6.1

First published (updated )

CVE-2022-34257

Adobe Magento CommerceAdobe Commerce Improper Access Control Security feature bypass

medium

5.3

First published (updated )

CVE-2022-35692

Adobe Magento CommerceMagento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure

medium

5.3

First published (updated )

CVE-2021-21012

Adobe Magento CommerceAdobe Commerce Stored XSS Arbitrary code execution

medium

5.5

First published (updated )

CVE-2022-34258

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Adobe Magento CommerceInsecure Direct Object Reference - An attacker can able to erase the victim quote details

medium

5.3

First published (updated )

CVE-2024-34106

Adobe Magento CommerceStored Cross Site Scripting in Order Comment

medium

4.8

First published (updated )

CVE-2024-34105

Adobe Magento CommerceInsecure Direct Object Reference (IDOR) in Create Quote Function

medium

4.3

First published (updated )

CVE-2023-29295

Adobe Magento CommerceAdobe Commerce Guest Cart Shipping Address Overwrite IDOR

medium

5.3

First published (updated )

CVE-2023-29290

Adobe Magento CommerceBypass Purchase Order Approval using Company User in Adobe Commerce B2B

medium

4.3

First published (updated )

CVE-2023-29294

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Adobe Magento Commerce[Cloud] Customer suspects IDOR vulnerability

medium

4.3

First published (updated )

CVE-2023-29296

Adobe Magento CommerceServer Side Request Forgery (SSRF) in USPS carrier integration configuration

medium

4.9

First published (updated )

CVE-2023-29291

Adobe Magento CommerceServer Side Request Forgery (SSRF) in FedEx carrier integration configuration

medium

4.9

First published (updated )

CVE-2023-29292

Adobe Magento CommerceError based file extraction via PHP filter chains during product bulk import logic

medium

4.9

First published (updated )

CVE-2023-26367

Adobe Magento CommerceValidate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)

medium

6.8

First published (updated )

CVE-2023-26366

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Adobe Magento CommerceAdobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

Never miss a vulnerability like this again

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

Adobe Magento CommerceAdobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

Never miss a vulnerability like this again

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

Adobe Magento CommerceAdobe Commerce | Improper Access Control (CWE-284)

Adobe Magento CommerceAdobe Commerce | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Magento CommerceAdobe Commerce | Incorrect Authorization (CWE-863)

Adobe Magento CommerceAdobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Never miss a vulnerability like this again

Adobe Magento CommerceAdobe Commerce Improper Access Control Security feature bypass

Adobe Magento CommerceAdobe Commerce Stored XSS Arbitrary code execution

Adobe Magento CommerceAdobe Commerce Improper Access Control Security feature bypass

Adobe Magento CommerceMagento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure

Adobe Magento CommerceAdobe Commerce Stored XSS Arbitrary code execution

Never miss a vulnerability like this again

Adobe Magento CommerceInsecure Direct Object Reference - An attacker can able to erase the victim quote details

Adobe Magento CommerceStored Cross Site Scripting in Order Comment

Adobe Magento CommerceInsecure Direct Object Reference (IDOR) in Create Quote Function

Adobe Magento CommerceAdobe Commerce Guest Cart Shipping Address Overwrite IDOR

Adobe Magento CommerceBypass Purchase Order Approval using Company User in Adobe Commerce B2B

Never miss a vulnerability like this again

Adobe Magento Commerce[Cloud] Customer suspects IDOR vulnerability

Adobe Magento CommerceServer Side Request Forgery (SSRF) in USPS carrier integration configuration

Adobe Magento CommerceServer Side Request Forgery (SSRF) in FedEx carrier integration configuration

Adobe Magento CommerceError based file extraction via PHP filter chains during product bulk import logic

Adobe Magento CommerceValidate Your Inputs | Server-Side Request Forgery (SSRF) (CWE-918)

Never miss a vulnerability like this again

Company

Resources

Contact