PT-2021-19876 · Shopware · Shopware
Phil23 · Published 2021-03-12 · Updated 2021-09-08
CVE-2021-32710
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Shopware versions prior to 6.3.5.2
Description
The issue concerns potential session hijacking of store customers.
Recommendations
For versions prior to 6.3.5.2, update to the current version 6.3.5.2 via the Auto-Updater or directly via the download overview.
For older versions of 6.1 and 6.2, install the corresponding security plugin to apply security measures.
Fix
Session Fixation
Insufficient Session Expiration
Related Identifiers
Affected Products
Shopware