WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Improper Authorization Vulnerability (CVE-2021-21022)

Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.

Remediation

References

Related Vulnerabilities

WordPress Plugin Yoast SEO Cross-Site Scripting (20.2)

ownCloud Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2015-3013)

Chamilo Other Vulnerability (CVE-2023-34962)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5296)

MySQL CVE-2014-2444 Vulnerability (CVE-2014-2444)

Severity

Medium

Classification

CVE-2021-21022 CWE-285 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities