CVE-2024-47173 MEDIUM

CVE-2024-47173: Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups

Vendor Aimeos
Product ai-admin-graphql
Weakness CWE-270
Published October 24, 2024
Last update October 24, 2024

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01 Description

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface in versions from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.

Key dates

02 Disclosure timeline

October 24, 2024 CVE published
October 24, 2024 Record updated