CVE-2024-39322 — MEDIUM (5.5)

Q: How severe is CVE-2024-39322?

CVE-2024-39322 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-39322?

Check the references section above for vendor advisories and patch information. Affected products include: Aimeos Project Ai-Controller-Frontend.

Vulnerability Description

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Aimeos Project	Ai-Controller-Frontend	< 2020.10.13

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2024-39322?

CVE-2024-39322 is a vulnerability with a CVSS score of 5.5 (MEDIUM). aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows edito...

How severe is CVE-2024-39322?

CVE-2024-39322 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-39322?

Check the references section above for vendor advisories and patch information. Affected products include: Aimeos Project Ai-Controller-Frontend.