How severe is CVE-2024-45117?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2024-45117?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-45117 - HIGH Severity | CVSS 7.6

Vulnerability Description

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed.

Related Vulnerabilities

CVE-2016-1612

HIGH

CVSS:7.6(High)

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, wh...

CWE-202016

CVE-2017-0095

HIGH

CVSS:7.6(High)

Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V ...

CWE-202017

CVE-2017-0109

HIGH

CVSS:7.6(High)

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows gue...

CWE-202017

CVE-2017-0162

HIGH

CVSS:7.6(High)

A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly vali...

CWE-202017

CVE-2017-0163

HIGH

CVSS:7.6(High)

A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "...

CWE-202017

CVE-2017-0180

HIGH

CVSS:7.6(High)

CWE-202017