CVE-2021-36030

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
adobeCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
adobeadobe_commerce
2.3.0 ≤
𝑥
≤ 2.3.7
adobeadobe_commerce
2.4.0 ≤
𝑥
≤ 2.4.2
adobeadobe_commerce
2.4.2:p1
adobemagento_open_source
2.3.0 ≤
𝑥
≤ 2.3.7
adobemagento_open_source
2.4.0 ≤
𝑥
≤ 2.4.2
adobemagento_open_source
2.4.2:p1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
adobemagento_commerce
𝑥
≤ 2.4.2
CNA
adobemagento_commerce
𝑥
≤ 2.3.7
CNA
Common Weakness Enumeration
References
https://helpx.adobe.com/security/products/magento/apsb21-64.html
https://helpx.adobe.com/security/products/magento/apsb21-64.html