Skip to content
New Ebook: Get your copy of the Unleash the Power of Censys Search Handbook today! | Download Now
Advisory

July 24, 2024 Advisory: Unauthenticated XXE Vulnerability in Adobe Commerce Could Lead to Site Compromise and Sensitive Data Exposure [CVE-2024-34102]

  • Date of Issue Disclosure: June 13, 2024
  • CVE-ID and CVSS Score: CVE-2024-34102, CVSS 9.8 (Critical)
  • Issue Name and Description: Unauthenticated XML External Entity (XXE) vulnerability in Adobe Commerce (formerly known as Magento).
  • Asset Description: Adobe Commerce is a digital eCommerce platform for businesses. This affects the following versions, per Adobe’s security advisory.
Product Version Platform
 Adobe Commerce 2.4.7 and earlier
2.4.6-p5 and earlier
2.4.5-p7 and earlier
2.4.4-p8 and earlier
2.4.3-ext-7 and earlier*
2.4.2-ext-7 and earlier*
All
Magento Open Source 2.4.7 and earlier
2.4.6-p5 and earlier
2.4.5-p7 and earlier
2.4.4-p8 and earlier
All
Adobe Commerce Webhooks Plugin 1.2.0 to 1.4.0 Manual Plugin Installation

 

Attack Surface Management Solutions
Learn more