PT-2021-6289 · Adobe · Magento Commerce
Published
2021-08-11
·
Updated
2022-05-24
·
CVE-2021-36038
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Magento Commerce versions 2.4.2 and earlier
Magento Commerce versions 2.4.2-p1 and earlier
Magento Commerce versions 2.3.7 and earlier
Description
The issue exists due to insufficient input validation in the Magento Commerce platform, allowing a remote attacker to bypass existing security restrictions. An authenticated attacker could exploit this vulnerability to disclose sensitive information, specifically through the Multishipping Module.
Recommendations
For Magento Commerce versions 2.4.2 and earlier, update to a version that includes proper input validation to prevent exploitation.
For Magento Commerce versions 2.4.2-p1 and earlier, update to a version that includes proper input validation to prevent exploitation.
For Magento Commerce versions 2.3.7 and earlier, update to a version that includes proper input validation to prevent exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magento Commerce