WEB Adobe Commerce and Magento_createFromArray XML External Entity Injection -3 (CVE-2024-34102)

Rule ID

1235441

Severity

Critical

Description

An XML External Entity Injection vulnerability has been reported in Adobe Commerce and Magento. The vulnerability is due to improper validation of user data sent through multiple API endpoints. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the disclosure of information from the target server's filesystem.

Impact

Remote code execution

Recommendation

Apply the vendor's patch.

IPS Category

Web threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

Keywords

N/A

Date Created

2024/08/06

Last Updated

2024/12/26
