PT-2021-1823 · Adobe · Magento+1

Published: 2021-01-12 · Updated: 2022-08-05 · CVE-2021-21013

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
- Magento versions 2.4.1 and earlier
- Magento versions 2.4.0-p1 and earlier
- Magento versions 2.3.6 and earlier
- Adobe Bridge (affected versions not specified)

Description: The issue stems from a flaw in the authorization mechanism of the customer API module of Magento Commerce: the module does not verify that the caller is entitled to the customer object it requests, so a caller can reach protected information belonging to other accounts (an insecure direct object reference, IDOR). Successful exploitation could lead to disclosure of sensitive information and modification of arbitrary information on another user's account. Additionally, there is a buffer overflow vulnerability in Adobe Bridge that can be exploited to execute arbitrary code in the context of the current user by means of a specially crafted file.

Recommendations: For Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier, and 2.3.6 and earlier, update to a version that addresses the insecure direct object reference vulnerability in the customer API module. For Adobe Bridge, at the moment there is no information about a newer version that contains a fix for this vulnerability.

Tags: Incorrect Authorization · IDOR · Memory Corruption

Weakness Enumeration

Related Identifiers: BDU:2021-00580, BDU:2021-01090, CVE-2021-21013

Affected Products: Bridge, Magento