9.8 CVE-2024-34102
CISA Kev Catalog Exploit
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
https://nvd.nist.gov/vuln/detail/CVE-2024-34102
Categories
CWE-611 : Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. An acronym used for the term "XML eXternal Entities" Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Many XML parsers and validators can be configured to disable external entity expansion. Recruiter software allows reading arbitrary files using XXE A browser control can allow remote attackers to determine the existence of files via Javascript containing XML script. XXE during SVG image conversion XXE in PHP application allows reading the application's configuration file. XXE in database server XXE in rapid web application development framework allows reading arbitrary files. XXE via XML-RPC request. XXE in office document product using RDF. XXE in web-based administration tool for database. XXE in product that performs large-scale data analysis. XXE in XSL stylesheet functionality in a common library used by some web browsers.
References
psirt@adobe.com Exploit
https://helpx.adobe.com/security/products/magento/apsb24-40.html Vendor Advisory |
https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-x... Exploit Technical Description Third Party Advisory |
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.3.7:p4-ext1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.3.7:p4-ext2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.3.7:p4-ext3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.3.7:p4-ext4:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.0:ext-2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.0:ext-3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.0:ext-4:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.1:ext-2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.1:ext-3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.1:ext-4:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.2:ext-3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.2:ext-4:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.3:ext-3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.3:ext-4:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:* | ||
cpe:2.3:a:adobe:commerce_webhooks:*:*:*:*:*:*:*:* | >= 1.2.0 | <= 1.4.0 |
cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:* | ||
cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:* |
REMEDIATION
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
POC Github
Other Nist (github, ...)
Url |
---|
https://www.vicarius.io/vsociety/posts/cosmicsting-critical-unauthenticated-x... |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
221 | Data Serialization External Entities Blowup |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.