CVE-2024-34102 - Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

CVE-2024-34102: Adobe | Commerce and Magento Open Source

Date Added:
2024-07-17

Due Date:
2024-08-07

Vulnerability Name: Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Description: Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://helpx.adobe.com/security/products/magento/apsb24-40.html; https://nvd.nist.gov/vuln/detail/CVE-2024-34102

Related News Articles

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting ExploitOctober 2, 2024

Hackers inject malicious JS in Cisco store to steal credit cards, credentialsSeptember 4, 2024

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software ManagerJuly 18, 2024

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain AttackJune 26, 2024

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sitesJune 21, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard