CVE-2024-34104

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-285
View all →

Vulnerability Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.

Related Vulnerabilities

CVE-2020-2050

HIGH
CVSS:8.2(High)

An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an inval...

CWE-2852020

CVE-2021-39341

HIGH
CVSS:8.2(High)

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key funct...

CWE-2852021

CVE-2022-0860

HIGH
CVSS:8.2(High)

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

CWE-2852022

CVE-2022-4804

HIGH
CVSS:8.2(High)

Improper Authorization in GitHub repository usememos/memos prior to 0.9.1.

CWE-2852022

CVE-2023-5948

HIGH
CVSS:8.2(High)

Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.

CWE-2852023

CVE-2025-3921

HIGH
CVSS:8.2(High)

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to...

CWE-2852025