CVE-2024-49521 HIGH

CVE-2024-49521: Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Vendor Adobe

Product Adobe Commerce

Weakness CWE-918 · SSRF

Published November 12, 2024

Last update November 12, 2024

View on NVD All CVEs

CVSS base score

7.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.

Key dates

02Disclosure timeline

November 12, 2024 CVE published

November 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-49521 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

CVE-2024-49521: Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

01Description

02Disclosure timeline

03References

04Related CVE