Adobe Commerce | Information Exposure (CWE-200)
Description
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Commerce is affected by an Information Exposure vulnerability that allows an admin attacker to bypass security features with low confidentiality impact.
Vulnerability
Analysis
CVE-2024-45134 is an Information Exposure vulnerability in Adobe Commerce affecting versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier [1]. The root cause involves improper handling of sensitive data that can lead to a security feature bypass [1].
Exploitation
An attacker with administrative privileges can exploit this flaw without requiring user interaction [1]. The attack surface is limited to authenticated admin users, meaning the attacker must already have some level of access to the Adobe Commerce backend [1].
Impact
Successful exploitation results in low confidentiality impact, potentially exposing information that could aid in further attacks [1]. This information exposure may help an attacker chain this issue with other vulnerabilities for more severe outcomes [1].
Mitigation
Adobe has not yet released a specific patch for this CVE as of the publication date. Users should monitor Adobe's security bulletin and the official Magento GitHub repository for updates [2]. Applying the latest available security patches and restricting admin access to trusted users only is recommended.
- [1] NVD - CVE-2024-45134
- [2] GitHub - magento/magento2
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| magento/community-edition (Packagist) | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 |
| magento/community-edition (Packagist) | >= 2.4.6-p1, < 2.4.6-p8 | 2.4.6-p8 |
| magento/community-edition (Packagist) | >= 2.4.5-p1, < 2.4.5-p10 | 2.4.5-p10 |
| magento/community-edition (Packagist) | < 2.4.4-p11 | 2.4.4-p11 |
Affected products
- osv-coords (2 versions)
  - (no CPE) range: >= 2.4.7-alpha0, < 2.4.7-p3
  - (no CPE) range: >= 2.4.7-beta1, < 2.4.7-p3
- Adobe/Adobe Commerce (v5) range: 0
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-4f89-5cwm-rm5g (ghsa, ADVISORY)
- helpx.adobe.com/security/products/magento/apsb24-73.html (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2024-45134 (ghsa, ADVISORY)