Adobe Commerce Insufficiently Protected Credentials Vulnerability Leading to Security Feature Bypass

Vulnerability

An insufficiently protected credentials vulnerability has been identified in Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier. It could lead to a security feature bypass: a high-privileged attacker who obtains sensitive credential information could gain unauthorized access to protected resources. Exploitation does not require user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized access to protected resources by allowing attackers to obtain sensitive credential information, thereby bypassing security features.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 5.0
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.