logo

CVE-2024-34102 - Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

CVE-2024-34102

Adobe | Commerce and Magento Open Source

  • Date Added:
  • 2024-07-17
  • Due Date:
  • 2024-08-07
Vulnerability Name

Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Description

Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes
https://helpx.adobe.com/security/products/magento/apsb24-40.html; https://nvd.nist.gov/vuln/detail/CVE-2024-34102
Related News Articles

Free security scan for your website