CVE-2024-47173

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-qxgx-hvg3-v92w

Configurations

No configuration.

History

No history.

Information

Published : 2024-10-24 19:15

Updated : 2024-10-25 12:56

NVD link : CVE-2024-47173

Mitre link : CVE-2024-47173

CVE.ORG link : CVE-2024-47173

JSON object : View

Products Affected

No product.

CWE

CWE-270

Privilege Context Switching Error

5.5 /10