CVE-2024-34102

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

94.1%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

Technical Details

Published
6/13/2024

Frequently Asked Questions

What is CVE-2024-34102?

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

Is CVE-2024-34102 actively exploited?

Active exploitation of CVE-2024-34102 has not been confirmed. The EPSS score is 94.1%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-34102?

CVE-2024-34102 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2024-34102 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.