CVE-2024-34103: 
PHP vulnerability analysis and mitigation

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability identified as CVE-2024-34103. The vulnerability was disclosed on June 13, 2024, and could result in privilege escalation within the application (NVD).

The vulnerability is classified as an Improper Authentication issue (CWE-287). It has received a CVSS v3.1 Base Score of 8.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The attack vector is network-accessible (AV:N) with high attack complexity (AC:H), requires no privileges (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U) with high impacts on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability allows attackers to gain unauthorized access or elevated privileges within the Adobe Commerce application. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability (NVD).

Adobe has released security updates to address this vulnerability in Adobe Commerce. Users should update to the latest versions: 2.4.7, 2.4.6-p5, 2.4.5-p7, or 2.4.4-p8, depending on their current installation version (Adobe Advisory).