PT-2021-3426 · Adobe · Magento
Published: 2021-05-11 · Updated: 2024-03-06 · CVE-2021-28583
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Magento versions 2.4.2 and earlier
Magento versions 2.4.1-p1 and earlier
Magento versions 2.3.6-p1 and earlier
Description
The issue is a violation of secure design principles in RMA PDF filename formats, which could allow an attacker to gain unauthorized access to restricted resources. It is also associated with inadequate access control, potentially enabling a remote attacker to access protected data.
Recommendations
For Magento versions 2.4.2 and earlier, update to a version that addresses the Violation of Secure Design Principles vulnerability in RMA PDF filename formats.
For Magento versions 2.4.1-p1 and earlier, update to a version that addresses the Violation of Secure Design Principles vulnerability in RMA PDF filename formats.
For Magento versions 2.3.6-p1 and earlier, update to a version that addresses the Violation of Secure Design Principles vulnerability in RMA PDF filename formats.
As a temporary workaround, consider restricting access to RMA PDF filename formats until a patch is available.
Fix
Improper Access Control
Affected Products
Magento