PT-2021-6293 · Adobe · Magento Commerce

Published

2021-08-11

Updated

2021-09-08

CVE-2021-36035

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Magento Commerce versions 2.4.2 and earlier Magento Commerce versions 2.4.2-p1 and earlier Magento Commerce versions 2.3.7 and earlier

Description The issue exists due to insufficient input validation in the Magento Commerce platform, allowing a remote attacker to execute arbitrary code. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve remote code execution.

Recommendations For Magento Commerce versions 2.4.2 and earlier, update to a version that includes the fix for the improper input validation vulnerability. For Magento Commerce versions 2.4.2-p1 and earlier, update to a version that includes the fix for the improper input validation vulnerability. For Magento Commerce versions 2.3.7 and earlier, update to a version that includes the fix for the improper input validation vulnerability.

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-20

Related Identifiers

BDU:2022-01265

CVE-2021-36035

Affected Products

Magento Commerce

PT-2021-6293 · Adobe · Magento Commerce

CVE-2021-36035

Weakness Enumeration

Related Identifiers

Affected Products

References · 4