CVE-2024-47173

Summary

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
aimeosai-admin-graphql>= 2024.04.1, < 2024.07.2affected

Weaknesses

  • CWE-270: CWE-270: Privilege Context Switching Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References