PT-2021-2310 · Adobe · Magento
Published: 2021-02-09 · Updated: 2024-03-06 · CVE-2021-21025
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Magento versions 2.4.1 and earlier
Magento versions 2.4.0-p1 and earlier
Magento versions 2.3.6 and earlier
Description
The issue concerns XML injection in the product layout updates of Magento. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.
Recommendations
For Magento versions 2.4.1 and earlier, update to a version that fixes the XML injection issue in product layout updates.
For Magento versions 2.4.0-p1 and earlier, update to a version that fixes the XML injection issue in product layout updates.
For Magento versions 2.3.6 and earlier, update to a version that fixes the XML injection issue in product layout updates.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Magento