Adobe Commerce | Improper Access Control (CWE-284)
Description
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Commerce 2.4.4-p10 through 2.4.7-p2 contain an improper access control flaw allowing attackers to bypass security measures with low integrity impact, requiring no user interaction.
Vulnerability Overview
CVE-2024-45124 is an Improper Access Control vulnerability affecting Adobe Commerce versions 2.4.4-p10, 2.4.5-p9, 2.4.6-p7, 2.4.7-p2, and earlier. The flaw stems from inadequate enforcement of access restrictions on certain functions or resources, enabling a security feature bypass [1].
Exploitation Conditions
An attacker can exploit this vulnerability without any user interaction and without requiring elevated privileges. The network-based attack vector suggests the issue is exploitable remotely, with low attack complexity [1].
Impact Assessment
Successful exploitation allows an attacker to bypass security measures, resulting in a low impact on integrity. There is no indication of impact to confidentiality or availability. This means an attacker could potentially modify certain data or settings without proper authorization, but the scope of modification is limited [1].
Remediation
Adobe has addressed this vulnerability in security updates for the affected versions. Users are strongly advised to update their Adobe Commerce installations to the latest patched versions. For environments where immediate patching is not feasible, administrators should review access controls and monitor for unusual activity that could indicate exploitation attempts [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| magento/community-edition (Packagist) | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 |
| magento/community-edition (Packagist) | >= 2.4.6-p1, < 2.4.6-p8 | 2.4.6-p8 |
| magento/community-edition (Packagist) | >= 2.4.5-p1, < 2.4.5-p10 | 2.4.5-p10 |
| magento/community-edition (Packagist) | < 2.4.4-p11 | 2.4.4-p11 |
Affected products
- osv-coords, 2 versions: >= 2.4.7-alpha0, < 2.4.7-p3 (+ 1 more)
- (no CPE) range: >= 2.4.7-alpha0, < 2.4.7-p3
- (no CPE) range: >= 2.4.7-beta1, < 2.4.7-p3
- Adobe/Adobe Commerce v5, range: 0
References
- github.com/advisories/GHSA-w3p2-pc3h-69wv (ghsa, ADVISORY)
- helpx.adobe.com/security/products/magento/apsb24-73.html (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2024-45124 (ghsa, ADVISORY)