// For flags

CVE-2024-20758

Adobe Commerce | Improper Input Validation (CWE-20)

Severity Score

9.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high.

Las versiones 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de validación de entrada incorrecta que podría provocar la ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema no requiere la interacción del usuario, pero la complejidad del ataque es alta.

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the underlying filesystem. Exploitation of this issue does not require user interaction, but the attack complexity is high.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-12-04 CVE Reserved
  • 2024-04-10 CVE Published
  • 2025-04-15 CVE Updated
  • 2025-04-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://helpx.adobe.com/security/products/magento/apsb24-18.html 2024-04-10
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
 Adobe Commerce
Search vendor "Adobe" for product "Adobe Commerce"
 <= 2.4.7-beta3
Search vendor "Adobe" for product "Adobe Commerce" and version " <= 2.4.7-beta3"
en
Affected