CVE-2024-34103

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.

Published: Jun 13, 2024
Updated: May 4, 2025
CVE: CVE-2024-34103
GHSA: GHSA-f7q4-9gwv-6774
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
adobe / commerce	2.3.7-p1	2.3.7-p1.x
adobe / commerce	2.4.3	2.4.3.x
adobe / commerce	2.3.7-p2	2.3.7-p2.x
adobe / commerce	2.4.4	2.4.4.x
adobe / commerce	2.3.7	2.3.7.x
adobe / commerce	2.3.7-p3	2.3.7-p3.x
adobe / commerce	2.4.5	2.4.5.x
adobe / commerce	2.4.4-p1	2.4.4-p1.x
adobe / commerce	2.4.5-p1	2.4.5-p1.x
adobe / commerce	2.4.4-p2	2.4.4-p2.x
adobe / commerce	2.4.5-p2	2.4.5-p2.x
adobe / commerce	2.4.4-p3	2.4.4-p3.x
adobe / commerce	2.4.6	2.4.6.x
adobe / magento	2.4.4	2.4.4.x
adobe / magento	2.4.4-p1	2.4.4-p1.x
adobe / magento	2.4.4-p2	2.4.4-p2.x
adobe / magento	2.4.4-p3	2.4.4-p3.x
adobe / magento	2.4.5	2.4.5.x
adobe / magento	2.4.5-p1	2.4.5-p1.x
adobe / magento	2.4.5-p2	2.4.5-p2.x
adobe / magento	2.4.6	2.4.6.x
adobe / commerce	2.3.7-p4-ext2	2.3.7-p4-ext2.x
adobe / commerce	2.3.7-p4-ext1	2.3.7-p4-ext1.x
adobe / commerce	2.3.7-p4	2.3.7-p4.x
adobe / commerce	2.4.0	2.4.0.x
adobe / commerce	2.4.0-ext-1	2.4.0-ext-1.x
adobe / commerce	2.4.0-ext-2	2.4.0-ext-2.x
adobe / commerce	2.4.1	2.4.1.x
adobe / commerce	2.4.1-ext-1	2.4.1-ext-1.x
adobe / commerce	2.4.1-ext-2	2.4.1-ext-2.x
adobe / commerce	2.4.2	2.4.2.x
adobe / commerce	2.4.2-ext-1	2.4.2-ext-1.x
adobe / commerce	2.4.2-ext-2	2.4.2-ext-2.x
adobe / commerce	2.4.3-ext-2	2.4.3-ext-2.x
adobe / commerce	2.4.3-ext-1	2.4.3-ext-1.x
adobe / commerce	2.4.4-p4	2.4.4-p4.x
adobe / commerce	2.4.5-p3	2.4.5-p3.x
adobe / commerce	2.4.6-p1	2.4.6-p1.x
adobe / magento	2.4.6-p2	2.4.6-p2.x
adobe / magento	2.4.6-p1	2.4.6-p1.x
adobe / magento	2.4.7-b1	2.4.7-b1.x
adobe / commerce	2.4.5-p4	2.4.5-p4.x
adobe / magento	2.4.5-p3	2.4.5-p3.x
adobe / magento	2.4.5-p4	2.4.5-p4.x
adobe / commerce	2.4.4-p5	2.4.4-p5.x
adobe / commerce	2.4.5-p5	2.4.5-p5.x
adobe / commerce	2.4.6-p2	2.4.6-p2.x
adobe / commerce	2.4.3-ext-4	2.4.3-ext-4.x
adobe / commerce	2.4.3-ext-3	2.4.3-ext-3.x
adobe / commerce	2.4.2-ext-4	2.4.2-ext-4.x
adobe / commerce	2.4.2-ext-3	2.4.2-ext-3.x
adobe / commerce	2.4.1-ext-4	2.4.1-ext-4.x
adobe / commerce	2.4.1-ext-3	2.4.1-ext-3.x
adobe / commerce	2.4.0-ext-4	2.4.0-ext-4.x
adobe / commerce	2.4.0-ext-3	2.4.0-ext-3.x
adobe / commerce	2.3.7-p4-ext4	2.3.7-p4-ext4.x
adobe / commerce	2.3.7-p4-ext3	2.3.7-p4-ext3.x
adobe / commerce	2.4.6-p3	2.4.6-p3.x
adobe / commerce	2.4.4-p6	2.4.4-p6.x
adobe / magento	2.4.6-p4	2.4.6-p4.x
adobe / magento	2.4.6-p5	2.4.6-p5.x
adobe / magento	2.4.5-p5	2.4.5-p5.x
adobe / magento	2.4.5-p6	2.4.5-p6.x
adobe / magento	2.4.5-p7	2.4.5-p7.x
adobe / magento	2.4.4-p7	2.4.4-p7.x
adobe / magento	2.4.4-p6	2.4.4-p6.x
adobe / magento	2.4.4-p5	2.4.4-p5.x
adobe / magento	2.4.4-p4	2.4.4-p4.x
adobe / magento	2.4.6-p3	2.4.6-p3.x
adobe / commerce_webhooks	1.2.0	1.4.0.x
adobe / magento	2.4.4-p8	2.4.4-p8.x
magento / community-edition	2.4.7	2.4.7.x
magento / community-edition	2.4.6	2.4.6.x
magento / community-edition	2.4.5	2.4.5.x
magento / community-edition	2.4.4	2.4.4.x
magento / community-edition	2.4.6-p1	2.4.6-p6
magento / community-edition	2.4.5-p1	2.4.5-p8
magento / community-edition	-	2.4.4-p9

Vulnerability Database

289,784

CVE-2024-34103