CVE-2024-45134: 
PHP vulnerability analysis and mitigation

CVE-2024-45134 is an Information Exposure vulnerability affecting Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier versions. The vulnerability was discovered and disclosed on October 10, 2024, and could potentially result in a security feature bypass (NVD, Adobe Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 2.7 (LOW) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability is network-accessible, requires high privileges, and has a low impact on confidentiality with no impact on integrity or availability. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability could allow an admin attacker to bypass security features, potentially leading to exposure of sensitive information. The impact is primarily on confidentiality, which may aid in further attacks. The overall impact is considered low due to the high privileges required for exploitation (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest versions of Adobe Commerce. The affected versions that need updating include Adobe Commerce 2.4.7-p2 and earlier versions, 2.4.6-p7 and earlier versions, 2.4.5-p9 and earlier versions, and 2.4.4-p10 and earlier versions (Adobe Advisory).