PT-2021-2186 · Adobe · Magento
Published
2021-02-09
·
Updated
2024-03-06
·
CVE-2021-21020
CVSS v2.0
5.4
Medium
| Vector | AV:N/AC:H/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions:
Magento versions 2.4.1 and earlier
Magento versions 2.4.0-p1 and earlier
Magento versions 2.3.6 and earlier
Description:
The issue is related to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources. The vulnerability is associated with deficiencies in access control, which could allow a remote attacker to impact data integrity.
Recommendations:
For versions 2.4.1 and earlier, update to a version that includes a fix for the access control bypass vulnerability in the Login as Customer module.
For versions 2.4.0-p1 and earlier, update to a version that includes a fix for the access control bypass vulnerability in the Login as Customer module.
For versions 2.3.6 and earlier, update to a version that includes a fix for the access control bypass vulnerability in the Login as Customer module.
As a temporary workaround, consider disabling the Login as Customer module until a patch is available.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magento