PT-2021-6734 · Adobe · Magento
Published: 2021-08-11 · Updated: 2024-03-06 · CVE-2021-36021
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier)
Magento versions 2.3.7 (and earlier)
Description
The issue is caused by improper input validation in the CMS page scheduled update feature. A remote, authenticated attacker with administrative privileges could leverage this vulnerability to execute arbitrary code on the system.
Recommendations
For Magento versions 2.4.2 (and earlier) and 2.4.2-p1 (and earlier), update to a version that includes the fix for the improper input validation vulnerability.
For Magento versions 2.3.7 (and earlier), update to a version that includes the fix for the improper input validation vulnerability.
As a temporary workaround, consider restricting access to the CMS page scheduled update feature to minimize the risk of exploitation.
Fix
RCE
Affected Products
Magento