CVE-2024-39409

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.

Published: Aug 14, 2024
Updated: May 4, 2025
CVE: CVE-2024-39409
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
adobe / commerce	2.4.4	2.4.4.x
adobe / commerce	2.4.5	2.4.5.x
adobe / commerce	2.4.4-p1	2.4.4-p1.x
adobe / commerce	2.4.5-p1	2.4.5-p1.x
adobe / commerce	2.4.4-p2	2.4.4-p2.x
adobe / commerce	2.4.5-p2	2.4.5-p2.x
adobe / commerce	2.4.4-p3	2.4.4-p3.x
adobe / commerce	2.4.6	2.4.6.x
adobe / commerce	2.4.4-p4	2.4.4-p4.x
adobe / commerce	2.4.5-p3	2.4.5-p3.x
adobe / commerce	2.4.6-p1	2.4.6-p1.x
adobe / commerce	2.4.5-p4	2.4.5-p4.x
adobe / commerce	2.4.4-p5	2.4.4-p5.x
adobe / commerce	2.4.7-b1	2.4.7-b1.x
adobe / commerce	2.4.5-p5	2.4.5-p5.x
adobe / commerce	2.4.6-p2	2.4.6-p2.x
adobe / commerce	2.4.6-p3	2.4.6-p3.x
adobe / commerce	2.4.4-p6	2.4.4-p6.x
adobe / commerce	2.4.4-p7	2.4.4-p7.x
adobe / commerce	2.4.4-p8	2.4.4-p8.x
adobe / commerce	2.4.4-p9	2.4.4-p9.x
adobe / commerce	2.4.7-b2	2.4.7-b2.x
adobe / commerce	2.4.7	2.4.7.x
adobe / commerce	2.4.7-p1	2.4.7-p1.x
adobe / commerce	2.4.6-p4	2.4.6-p4.x
adobe / commerce	2.4.6-p5	2.4.6-p5.x
adobe / commerce	2.4.6-p6	2.4.6-p6.x
adobe / commerce	2.4.5-p6	2.4.5-p6.x
adobe / commerce	2.4.5-p7	2.4.5-p7.x
adobe / commerce	2.4.5-p8	2.4.5-p8.x
adobe / commerce	-	2.4.3.x
adobe / magento	2.4.4	2.4.4.x
adobe / magento	2.4.4-p1	2.4.4-p1.x
adobe / magento	2.4.4-p2	2.4.4-p2.x
adobe / magento	2.4.4-p3	2.4.4-p3.x
adobe / magento	2.4.5	2.4.5.x
adobe / magento	2.4.5-p1	2.4.5-p1.x
adobe / magento	2.4.5-p2	2.4.5-p2.x
adobe / magento	2.4.6	2.4.6.x
adobe / magento	2.4.6-p2	2.4.6-p2.x
adobe / magento	2.4.6-p1	2.4.6-p1.x
adobe / magento	2.4.7-b1	2.4.7-b1.x
adobe / magento	2.4.5-p3	2.4.5-p3.x
adobe / magento	2.4.5-p4	2.4.5-p4.x
adobe / magento	2.4.6-p4	2.4.6-p4.x
adobe / magento	2.4.6-p5	2.4.6-p5.x
adobe / magento	2.4.5-p5	2.4.5-p5.x
adobe / magento	2.4.5-p6	2.4.5-p6.x
adobe / magento	2.4.5-p7	2.4.5-p7.x
adobe / magento	2.4.4-p7	2.4.4-p7.x
adobe / magento	2.4.4-p6	2.4.4-p6.x
adobe / magento	2.4.4-p5	2.4.4-p5.x
adobe / magento	2.4.4-p4	2.4.4-p4.x
adobe / magento	2.4.6-p3	2.4.6-p3.x
adobe / magento	2.4.4-p8	2.4.4-p8.x
adobe / magento	2.4.7-b2	2.4.7-b2.x
adobe / magento	2.4.7-p1	2.4.7-p1.x
adobe / magento	2.4.7	2.4.7.x
adobe / magento	2.4.6-p6	2.4.6-p6.x
adobe / magento	2.4.5-p8	2.4.5-p8.x
adobe / magento	2.4.4-p9	2.4.4-p9.x
adobe / magento	-	2.4.3.x

https://helpx.adobe.com/security/products/magento/apsb24-61.html

Vulnerability Database

289,697

CVE-2024-39409