Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to unauthorized product discounts.
Remediation
References