CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Aug 7, 2024
High
CISA KEVCVE-2024-34102
Adobe—Commerce and Magento Open Source
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
Required Action
https://helpx.adobe.com/security/products/magento/apsb24-40.html; https://nvd.nist.gov/vuln/detail/CVE-2024-34102
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Jul 17, 2024
- KEV Added
- Jul 17, 2024
- Due Date
- Aug 7, 2024
- Related Articles
- 0
Vendor
Adobe
Commerce and Magento Open Source