Platform: adobe
Component: adobe-commerce
Fixed in: 2.4.5
CVE-2024-45115 represents an Improper Authentication vulnerability within Adobe Commerce. This flaw allows an attacker to potentially escalate privileges, leading to unauthorized access and control within the application. The vulnerability impacts versions 0 through 2.4.4-p10 of Adobe Commerce. Adobe has released patches for versions 2.4.5-p9, 2.4.6-p7, and 2.4.7-p2.
The Improper Authentication vulnerability in Adobe Commerce allows attackers to bypass authentication mechanisms and gain elevated privileges. This could enable them to access sensitive data, modify system configurations, or even take complete control of the affected Commerce instance. The lack of user interaction required for exploitation significantly broadens the attack surface, making it easier for malicious actors to compromise systems. A successful exploit could lead to data breaches, service disruption, and reputational damage. Given the critical nature of Adobe Commerce for many businesses, the potential impact is substantial.
CVE-2024-45115 was publicly disclosed on October 10, 2024. While no active exploitation campaigns have been publicly confirmed, the vulnerability's critical severity and ease of exploitation suggest it is likely a target for attackers. The absence of user interaction makes it particularly attractive. It is not currently listed on the CISA KEV catalog, but its severity warrants close monitoring. Public proof-of-concept exploits are not yet available, but the vulnerability's nature suggests they are likely to emerge.
Exploit Status
EPSS: 0.75% (73rd percentile)
The primary mitigation for CVE-2024-45115 is to immediately upgrade Adobe Commerce to a patched version: 2.4.5-p9, 2.4.6-p7, or 2.4.7-p2. If an immediate upgrade is not feasible, consider implementing stricter access controls and reviewing existing authentication mechanisms to limit the potential impact of a successful exploit. While not a direct fix, implementing multi-factor authentication (MFA) can add an extra layer of security. Regularly review and audit user permissions to ensure least privilege access is enforced. After upgrading, confirm the fix by attempting to reproduce the vulnerability using known exploitation techniques and verifying that authentication checks are functioning as expected.
Update Adobe Commerce to the latest available version. Refer to the Adobe security bulletin for detailed instructions on how to update your installation. Apply the patches provided by Adobe to mitigate the vulnerability.
CVE-2024-45115 is a CRITICAL Improper Authentication vulnerability in Adobe Commerce allowing attackers to gain elevated privileges without user interaction.
Yes, if you are running Adobe Commerce versions 0 through 2.4.4-p10, you are affected by this vulnerability.
Upgrade Adobe Commerce to version 2.4.5-p9, 2.4.6-p7, or 2.4.7-p2 to remediate the vulnerability.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's critical severity suggests it is a likely target for attackers.
Refer to the Adobe Security Bulletin for CVE-2024-45115: https://www.adobe.com/security/advisories/known/AdobeID-Security-Advisory.txt