CVE-2024-39398

high-risk

Published 2024-08-14

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high.

Do I need to act?

0.15% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.4/10 High

NETWORK / HIGH complexity

Affected Products (20)

Commerce

Affected Vendors

Adobe

References (1)

Vendor Advisory https://helpx.adobe.com/security/products/magento/apsb24-61.html

/ 100

high-risk

Severity 22/34 · High

Exploitability 1/34 · Minimal

Exposure 27/34 · High