CVE-2024-49521

HIGH Year: 2024
CVSS v3 Score
7.7
High
Weakness Type
CWE-918
View all →

Vulnerability Description

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.

Related Vulnerabilities

CVE-2016-4374

HIGH
CVSS:7.7(High)

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information...

CWE-9182016

CVE-2017-7566

HIGH
CVSS:7.7(High)

MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.

CWE-9182017

CVE-2018-19571

HIGH
CVSS:7.7(High)

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

CWE-9182018

CVE-2019-15033

HIGH
CVSS:7.7(High)

Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as ...

CWE-9182019

CVE-2019-6257

HIGH
CVSS:7.7(High)

A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in p...

CWE-9182019

CVE-2019-7652

HIGH
CVSS:7.7(High)

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type,...

CWE-9182019