PT-2021-6286 · Adobe · Magento Commerce

Published

2021-08-11

·

Updated

2022-10-27

·

CVE-2021-36029

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Magento Commerce versions 2.4.2 (and earlier) and 2.4.2-p1 (and earlier); Magento Commerce version 2.3.7 (and earlier)

Description

The issue is an improper authorization flaw in Magento Commerce that allows an attacker who already holds admin privileges to potentially achieve remote code execution. Successful exploitation could let the attacker bypass security functions and gain unauthorized access to protected information.

Recommendations

For Magento Commerce versions 2.4.2 (and earlier) and 2.4.2-p1 (and earlier), and for Magento Commerce version 2.3.7 (and earlier), update to a version that fixes the improper authorization issue. As a temporary workaround, restrict which accounts hold admin privileges to minimize the risk of exploitation.

Fix

RCE

Improper Authorization


Weakness Enumeration

Related Identifiers

BDU:2022-01258
CVE-2021-36029
GHSA-M8WX-WHPP-Q283

Affected Products

Magento Commerce