Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.

Remediation

References

CVE-2021-21022

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0310)

XWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2023-26476)

WordPress Plugin User Verification Security Bypass (1.0.93)

Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2513)

WordPress Plugin Blaze Slideshow 'upload.php' Arbitrary File Upload (2.4)

Severity

Medium

Classification

CVE-2021-21022 CWE-285 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities