CVE-2024-39319 — MEDIUM (5.3)

Q: How severe is CVE-2024-39319?

CVE-2024-39319 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-39319?

Check the references section above for vendor advisories and patch information. Affected products include: Aimeos Aimeos Frontend Controller.

Vulnerability Description

aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Aimeos	Aimeos Frontend Controller	< 2020.10.15

Related Weaknesses (CWE)

CWE-639

References

FAQ

What is CVE-2024-39319?

CVE-2024-39319 is a vulnerability with a CVSS score of 5.3 (MEDIUM). aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object ...

How severe is CVE-2024-39319?

CVE-2024-39319 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39319?

Check the references section above for vendor advisories and patch information. Affected products include: Aimeos Aimeos Frontend Controller.