PT-2021-3433 · Adobe · Magento
Published
2021-05-11
·
Updated
2024-03-06
·
CVE-2021-28585
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Magento versions 2.4.2 and earlier
Magento versions 2.4.1-p1 and earlier
Magento versions 2.3.6-p1 and earlier
Description
The issue is related to improper input validation in the New customer WebAPI, which could allow an attacker to send unsolicited spam emails. Exploitation of this issue may enable a remote attacker to bypass security features in the target system using a specially crafted PDF file.
Recommendations
For Magento versions 2.4.2 and earlier, update to a version that includes the fix for the improper input validation issue.
For Magento versions 2.4.1-p1 and earlier, update to a version that includes the fix for the improper input validation issue.
For Magento versions 2.3.6-p1 and earlier, update to a version that includes the fix for the improper input validation issue.
As a temporary workaround, consider restricting access to the New customer WebAPI to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magento