CVE-2021-28567
08.09.2021, 17:15
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| magento | magento | 𝑥 ≤ 2.4.2 |
| magento | magento | 𝑥 ≤ 2.4.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| adobe | magento_commerce | 𝑥 ≤ 2.4.2 | CNA |
Common Weakness Enumeration
- CWE-285 - Improper AuthorizationThe software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.