CVE-2024-45128
📋 TL;DR
This CVE describes an Improper Authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures. The vulnerability affects Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, potentially impacting integrity and availability without requiring user interaction.
💻 Affected Systems
- Adobe Commerce
- Magento Open Source
📦 What is this software?
Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →⚠️ Risk & Real-World Impact
Worst Case
An attacker could bypass critical security controls, potentially gaining unauthorized access to restricted functionality or data, leading to data manipulation or limited service disruption.
Likely Case
Low-privileged users could perform actions beyond their intended permissions, potentially modifying settings or accessing restricted areas without proper authorization.
If Mitigated
With proper access controls and monitoring, impact would be limited to minor configuration changes that could be detected and rolled back.
🎯 Exploit Status
Exploitation requires low-privileged access but no user interaction. The vulnerability is in authorization logic, making exploitation straightforward for authenticated attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, or 2.4.4-p11
Vendor Advisory: https://helpx.adobe.com/security/products/magento/apsb24-73.html
Restart Required: Yes
Instructions:
1. Backup your Adobe Commerce instance. 2. Apply the security patch via Composer: composer require magento/product-community-edition=2.4.7-p3 (adjust version as needed). 3. Run setup:upgrade. 4. Clear cache. 5. Restart services.
🔧 Temporary Workarounds
Temporary Access Restriction
allImplement additional access controls to restrict low-privileged users from sensitive functionality
🧯 If You Can't Patch
- Implement strict role-based access controls and review all user permissions
- Enable detailed logging and monitoring for authorization failures and unusual user activities
🔍 How to Verify
Check if Vulnerable:
Check your Adobe Commerce version via Admin Panel or run: php bin/magento --versionCheck Version:
php bin/magento --versionVerify Fix Applied:
Verify version is updated to 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, or 2.4.4-p11 using php bin/magento --version📡 Detection & Monitoring
Log Indicators:
- Unusual authorization attempts
- Access to restricted endpoints by low-privileged users
- Permission escalation attempts
Network Indicators:
- Unusual API calls from authenticated low-privilege accounts
SIEM Query:
source="adobe_commerce" AND (event_type="authorization_failure" OR user_role="low_privilege") AND resource="restricted_endpoint"