PT-2022-23192 · Shopware · Shopware

Published: 2022-09-12 · Updated: 2023-07-21 · CVE-2022-36101

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Shopware versions prior to 5.7.15

Description

The request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. There are no known workarounds for this issue.

Recommendations

For versions prior to 5.7.15, update to version 5.7.15 via the Auto-Updater or directly via the download overview. For older versions, consider using the Security Plugin as a mitigation measure until the update to 5.7.15 can be applied.

Information Disclosure

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2022-36101
GHSA-6VFQ-JMXG-G58R

Affected Products

Shopware