Adobe Commerce B2B Multiple Vulnerabilities (APSB24-73)

medium Nessus Plugin ID 242633

Synopsis

The Adobe Commerce B2B instance installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Adobe Commerce B2B installed on the remote host falls within one of the following ranges: 1.4.2.0 < 1.4.2-p3 / 1.3.5.0 < 1.3.5-p8 / 1.3.4.0 < 1.3.4-p10 / 0.x < 1.3.3-p11.

It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-23 advisory.

- Adobe Commerce versions 1.4.2-p2, 1.3.5-p7, 1.3.4-p9, 1.3.3-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.

- Adobe Commerce versions 1.4.2-p2, 1.3.5-p7, 1.3.4-p9, 1.3.3-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction.

- Adobe Commerce versions 1.4.2-p2, 1.3.5-p7, 1.3.4-p9, 1.3.3-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade Adobe Commerce B2B as advised.

See Also

http://www.nessus.org/u?43c587de

Plugin Details

Severity: Medium

ID: 242633

File Name: adobe_commerce_b2b_apsb24-73.nasl

Version: 1.1

Type: local

Agent: unix

Family: Misc.

Published: 7/23/2025

Updated: 7/23/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2024-45116

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/a:adobe:experience_manager

Patch Publication Date: 4/9/2024

Vulnerability Publication Date: 4/9/2024

Reference Information

CVE: CVE-2024-45115, CVE-2024-45116, CVE-2024-45117, CVE-2024-45118, CVE-2024-45119, CVE-2024-45120, CVE-2024-45121, CVE-2024-45122, CVE-2024-45123, CVE-2024-45124, CVE-2024-45125, CVE-2024-45127, CVE-2024-45128, CVE-2024-45129, CVE-2024-45130, CVE-2024-45131, CVE-2024-45132, CVE-2024-45133, CVE-2024-45134, CVE-2024-45135, CVE-2024-45148, CVE-2024-45149