PT-2021-6288 · Adobe · Magento Commerce
Published: 2021-08-11 · Updated: 2022-05-24 · CVE-2021-36030
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Magento Commerce versions 2.4.2 and earlier
Magento Commerce versions 2.4.2-p1 and earlier
Magento Commerce versions 2.3.7 and earlier
Description
Insufficient input validation during the checkout process allows an unauthenticated remote attacker to bypass existing security restrictions and alter the price of items.
Recommendations
For Magento Commerce versions 2.4.2 and earlier, update to a version that includes the fix for this issue.
For Magento Commerce versions 2.4.2-p1 and earlier, update to a version that includes the fix for this issue.
For Magento Commerce versions 2.3.7 and earlier, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the checkout process until a patch is available.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Magento Commerce