Description
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.
Remediation
References