Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.

Remediation

References

CVE-2021-21022

Related Vulnerabilities

WordPress Plugin InfiniteWP Client Unspecified Vulnerability (1.3.14)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)

WordPress Plugin WordPress for Google Maps-WP MAPS SQL Injection (4.1.3)

OpenSSL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2019-1559)

WordPress Plugin Brute Force Login Protection Cross-Site Scripting (1.5.2)

Severity

Medium

Classification

CVE-2021-21022 CWE-285 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities