Vulnerability Description
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e2
- https://github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7
- https://github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca
- https://github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28
- https://github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561ce
- https://github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7
FAQ
What is CVE-2024-37296?
CVE-2024-37296 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digit...
How severe is CVE-2024-37296?
CVE-2024-37296 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-37296?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.