Adobe Commerce | Improper Access Control (CWE-284)
Description
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Commerce improper access control allows low-privileged attackers to escalate privileges, patched in latest versions.
CVE-2024-45129 is an Improper Access Control vulnerability in Adobe Commerce that affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10, and earlier [1]. The root cause is insufficient access control checks, allowing a low-privileged attacker to bypass intended security measures.
Exploitation does not require user interaction and can be carried out by an authenticated attacker with low privileges [1]. The attack complexity is low, and the attacker can trigger the vulnerability through crafted requests.
Successful exploitation results in privilege escalation, with a low impact on integrity [1]. The attacker may gain unauthorized access to restricted functionality or data.
Adobe has released security updates to address this issue. Users are advised to upgrade to the latest supported versions to mitigate the risk [1]. No workarounds have been published.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| magento/community-edition (Packagist) | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 |
| magento/community-edition (Packagist) | >= 2.4.6-p1, < 2.4.6-p8 | 2.4.6-p8 |
| magento/community-edition (Packagist) | >= 2.4.5-p1, < 2.4.5-p10 | 2.4.5-p10 |
| magento/community-edition (Packagist) | < 2.4.4-p11 | 2.4.4-p11 |
Affected products
- osv-coords (2 versions)
  - (no CPE) range: >= 2.4.7-alpha0, < 2.4.7-p3
  - (no CPE) range: >= 2.4.7-beta1, < 2.4.7-p3
- Adobe/Adobe Commerce v5 Range: 0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-m58h-998x-66f3 (ghsa, ADVISORY)
- helpx.adobe.com/security/products/magento/apsb24-73.html (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2024-45129 (ghsa, ADVISORY)