GHSA-r7cm-g469-wm4g · Severity: medium · Ecosystem: composer — Magento Open Source Improper Access Control vulnerability
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised information. Exploitation of this issue does not require user interaction.
Conclusion & alert: CVE-2024-34107 is rated Moderate Risk (43.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.13%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.73% | 1.13% | +0.40% |
| 2 | 2026-02-28 | 0.54% | 0.73% | +0.19% |
| 3 | 2026-02-15 | — | 0.54% | — |
Full EPSS history (17 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.3 | 3.1 | MEDIUM |
|
3.9 | 1.4 | [email protected] |
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
GHSA-r7cm-g469-wm4g · Severity: medium · Ecosystem: composer — Magento Open Source Improper Access Control vulnerability
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:* |
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:* |
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:* |
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:* |
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:* |
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:* |
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:* |
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:* |
| adobe | commerce | 2.3.7 | cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:* |
| adobe | commerce | 2.4.0 | cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.0 | cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:* |
| adobe | commerce | 2.4.0 | cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:* |
| adobe | commerce | 2.4.0 | cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:* |
| adobe | commerce | 2.4.0 | cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:* |
| adobe | commerce | 2.4.1 | cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.1 | cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:* |
| adobe | commerce | 2.4.1 | cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:* |
| adobe | commerce | 2.4.1 | cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:* |
| adobe | commerce | 2.4.1 | cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:* |
| adobe | commerce | 2.4.2 | cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.2 | cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:* |
| adobe | commerce | 2.4.2 | cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:* |
| adobe | commerce | 2.4.2 | cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:* |
| adobe | commerce | 2.4.2 | cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:* |
| adobe | commerce | 2.4.3 | cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.3 | cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:* |
| adobe | commerce | 2.4.3 | cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:* |
| adobe | commerce | 2.4.3 | cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:* |
| adobe | commerce | 2.4.3 | cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:* |
| adobe | commerce_webhooks | >= 1.2.0, <= 1.4.0 | cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:* |
| adobe | magento | 2.4.4 | cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:* |
| adobe | magento | 2.4.5 | cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:* |
| adobe | magento | 2.4.5 | cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:* |
| adobe | magento | 2.4.5 | cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:* |
| adobe | magento | 2.4.5 | cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:* |
| adobe | magento | 2.4.5 | cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:* |
| adobe | magento | 2.4.5 | cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:* |
| adobe | magento | 2.4.5 | cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:* |
| adobe | magento | 2.4.5 | cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:* |
| adobe | magento | 2.4.6 | cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* |
| adobe | magento | 2.4.6 | cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:* |
| adobe | magento | 2.4.6 | cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:* |
| adobe | magento | 2.4.6 | cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:* |
| adobe | magento | 2.4.6 | cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:* |
| adobe | magento | 2.4.6 | cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:* |
| adobe | magento | 2.4.7 | cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:* |
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento/apsb24-40.html | Vendor Advisory |