PT-2021-3430 · Adobe · Magento
Published
2021-05-11
·
Updated
2024-03-06
·
CVE-2021-28567
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Magento versions 2.4.2 and earlier
Magento versions 2.4.1-p1 and earlier
Magento versions 2.3.6-p1 and earlier
Description
The issue is related to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation. This vulnerability may also allow a remote attacker to access confidential information and modify user data.
Recommendations
For Magento versions 2.4.2 and earlier, update to a version that includes the fix for this issue.
For Magento versions 2.4.1-p1 and earlier, update to a version that includes the fix for this issue.
For Magento versions 2.3.6-p1 and earlier, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the customers module to minimize the risk of exploitation.
Fix
Incorrect Authorization
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Magento