PT-2021-2949 · Adobe · Magento
Published: 2021-02-09 · Updated: 2024-03-06 · CVE-2021-21022
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Magento versions 2.4.1 and earlier
Magento versions 2.4.0-p1 and earlier
Magento versions 2.3.6 and earlier
Description
The issue is related to an insecure direct object reference (IDOR) in the product module, which could lead to unauthorized access to restricted resources. The vulnerability is associated with authentication errors, allowing a remote attacker to gain unauthorized access to protected information.
Recommendations
For Magento versions 2.4.1 and earlier, update to a version that includes a fix for the insecure direct object reference in the product module.
For Magento versions 2.4.0-p1 and earlier, update to a version that includes a fix for the insecure direct object reference in the product module.
For Magento versions 2.3.6 and earlier, update to a version that includes a fix for the insecure direct object reference in the product module.
Fix
IDOR
Improper Authorization
Related Identifiers
Affected Products
Magento