PT-2021-1885 · Adobe · Magento
Published: 2021-01-12 · Updated: 2022-08-19 · CVE-2021-21012
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Magento versions 2.4.1 and earlier
Magento versions 2.4.0-p1 and earlier
Magento versions 2.3.6 and earlier
Description
The issue is an insecure direct object reference (IDOR) vulnerability in the checkout module. Successful exploitation could lead to sensitive information disclosure. The vulnerability stems from deficiencies in the authorization mechanism: an object identifier supplied by the client is resolved without verifying that the requesting user is entitled to that object, which could allow a remote attacker to gain unauthorized access to protected information.
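The following is an added illustration of the defect class described above, not code from Magento or from the advisory. It contrasts a lookup that resolves a checkout object by client-supplied id alone (the IDOR pattern) with one that binds the object to the authenticated customer, and includes a small regression check that counts cross-customer reads. The `Quote` type, the in-memory store and all ids are constructed for the example.

```python
"""Ownership check for a direct object reference (added example, not Magento code).

An IDOR arises when a resource id taken from the request is resolved without
checking that the requesting principal owns the resource. The two lookups
below show the vulnerable and the hardened shape of that check. All names,
types and sample data are assumptions constructed for this illustration.
"""
from dataclasses import dataclass
from typing import Callable


class NotFound(Exception):
    """Raised for both 'no such object' and 'not owned by caller'."""


@dataclass(frozen=True)
class Quote:
    """A checkout cart ('quote' is an assumed name, not Magento's type)."""
    quote_id: int
    customer_id: int
    shipping_address: str


# Constructed sample store: two customers, one quote each.
QUOTES = {
    101: Quote(101, 1, "1 Example St"),
    102: Quote(102, 2, "2 Sample Ave"),
}


def get_quote_vulnerable(quote_id: int, _session_customer_id: int) -> Quote:
    """IDOR: the id is trusted as-is, so any authenticated customer can read
    any quote simply by supplying another customer's quote id."""
    try:
        return QUOTES[quote_id]
    except KeyError:
        raise NotFound(quote_id) from None


def get_quote_hardened(quote_id: int, session_customer_id: int) -> Quote:
    """Resolve the object, then enforce ownership against the server-side
    session identity before returning anything. 'Missing' and 'not yours'
    raise the same error so the endpoint does not become an oracle for
    which ids exist."""
    quote = QUOTES.get(quote_id)
    if quote is None or quote.customer_id != session_customer_id:
        raise NotFound(quote_id)
    return quote


def cross_customer_leaks(lookup: Callable[[int, int], Quote]) -> int:
    """Regression check: count (customer, quote) pairs in which a customer
    can read a quote they do not own. A correct authorization layer
    returns 0; use this as a unit test for every object-by-id endpoint."""
    leaks = 0
    customers = {q.customer_id for q in QUOTES.values()}
    for cid in customers:
        for qid, quote in QUOTES.items():
            if quote.customer_id == cid:
                continue
            try:
                lookup(qid, cid)
                leaks += 1
            except NotFound:
                pass
    return leaks


if __name__ == "__main__":
    print("vulnerable lookup leaks:", cross_customer_leaks(get_quote_vulnerable))
    print("hardened lookup leaks:  ", cross_customer_leaks(get_quote_hardened))
```

The important design point is that the customer identity comes from the server-side session, never from the request body, and that the ownership comparison happens before any field of the object is returned or logged.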
Recommendations
For Magento versions 2.4.1 and earlier, update to a version that includes a fix for the IDOR vulnerability in the checkout module.
For Magento versions 2.4.0-p1 and earlier, update to a version that includes a fix for the IDOR vulnerability in the checkout module.
For Magento versions 2.3.6 and earlier, update to a version that includes a fix for the IDOR vulnerability in the checkout module.
As a temporary workaround, consider restricting access to the checkout module until a patch is available.
Fix
Incorrect Authorization
IDOR
Memory Corruption
Related Identifiers
Affected Products
Magento