CVE-2024-39323

HIGH

Aimeos Ai-admin-graphql < 2022.10.10 - Incorrect Authorization

Title source: rule
STIX 2.1

Description

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.

References (4)

Scores

CVSS v3 7.1
EPSS 0.0010
EPSS Percentile 28.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1220 CWE-863
Status published
Products (4)
aimeos/ai-admin-graphql 2022.04.1 - 2022.10.10Packagist
aimeos/ai-admin-graphql >= 2022.04.1, < 2022.10.10
aimeos/ai-admin-graphql >= 2023.04.1, < 2023.10.6
aimeos/ai-admin-graphql >= 2024.04.1, < 2024.04.6
Published Jul 02, 2024
Tracked Since Feb 18, 2026