PT-2021-21827 · Shopware · Shopware
Reporter: Shyim · Published 2021-08-16 · Updated 2022-04-25 · CVE-2021-37709
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Shopware versions prior to 6.4.3.1
Description
The issue is an insecure direct object reference (IDOR) on the log files of the Import/Export feature: a log file is resolved from a client-supplied identifier without checking that the requesting user is entitled to it, which allows unauthorized access to sensitive information. A patch for this issue is available in version 6.4.3.1. For the older 6.1, 6.2, and 6.3 release lines, a security plugin is available.
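The following is an added illustration of the vulnerability class described above; it is not Shopware's code and the data, names and paths in it are constructed. It shows a lookup that resolves a log file purely by its id (the IDOR pattern), the hardened variant that makes ownership part of the lookup and returns the same "not found" result for missing and foreign objects, and a simple audit pass over (caller, log id) request records that flags callers repeatedly requesting logs they do not own.

```python
"""Object-level authorization for per-user log file downloads.

Added example, not part of the original advisory or of Shopware. All
identifiers, owners and file paths below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class LogFile:
    log_id: str
    owner_id: str
    path: str  # server-side path; never derived from client input


# Constructed sample store: two tenants, one import/export log each.
LOGS: Dict[str, LogFile] = {
    "log-1": LogFile("log-1", "user-a", "/srv/app/logs/import/log-1.log"),
    "log-2": LogFile("log-2", "user-b", "/srv/app/logs/import/log-2.log"),
}


class NotFound(Exception):
    """Raised for both missing and foreign-owned logs (no distinguishing signal)."""


def fetch_log_vulnerable(log_id: str, caller_id: str) -> str:
    """IDOR pattern: the object is resolved by id alone.

    Any authenticated caller who knows or guesses an id gets the path.
    The caller_id parameter is accepted but never consulted.
    """
    log = LOGS.get(log_id)
    if log is None:
        raise NotFound(log_id)
    return log.path


def fetch_log_hardened(log_id: str, caller_id: str) -> str:
    """Ownership is part of the lookup, not a later check that can be skipped.

    A foreign-owned log is reported exactly like a missing one so the
    response does not reveal which ids exist.
    """
    log = LOGS.get(log_id)
    if log is None or log.owner_id != caller_id:
        raise NotFound(log_id)
    return log.path


def flag_enumeration(requests: Iterable[Tuple[str, str]], threshold: int = 3) -> List[str]:
    """Audit helper: return callers whose requests for logs they do not own
    (or that do not exist) reach `threshold`. Input is (caller_id, log_id)
    pairs as they would be extracted from the application's access log.
    """
    denied: Dict[str, int] = {}
    for caller, log_id in requests:
        log = LOGS.get(log_id)
        if log is None or log.owner_id != caller:
            denied[caller] = denied.get(caller, 0) + 1
    return sorted(c for c, n in denied.items() if n >= threshold)


if __name__ == "__main__":
    # user-a asking for user-b's log: the vulnerable lookup hands it over,
    # the hardened one treats it as not found.
    print(fetch_log_vulnerable("log-2", "user-a"))
    try:
        fetch_log_hardened("log-2", "user-a")
    except NotFound as exc:
        print("hardened lookup refused:", exc)
    sample = [("user-a", "log-2"), ("user-a", "log-3"),
              ("user-a", "log-4"), ("user-b", "log-2")]
    print("callers to review:", flag_enumeration(sample))
```

The design point is that the owner constraint belongs in the query itself (the equivalent of a `WHERE owner_id = :caller` clause against the log table) rather than in a separate branch after the object has been loaded; a separate check is the one that gets forgotten on the next download endpoint.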
Recommendations
For versions prior to 6.4.3.1, update to version 6.4.3.1 to resolve the issue.
For older versions of 6.1, 6.2, and 6.3, install the available security plugin as a workaround.
As a temporary measure, consider restricting access to the Import/Export feature until the update or plugin installation is complete.
Tags: Fix · Insertion into Log File · IDOR
Related Identifiers
Affected Products: Shopware