Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

Remediation

References

CVE-2021-21031

Related Vulnerabilities

WordPress Plugin Olevmedia Shortcodes Cross-Site Scripting (1.1.8)

WordPress Plugin Use Any Font Unspecified Vulnerability (4.3.6)

WordPress Plugin Appointment Booking Calendar Cross-Site Scripting (1.3.18)

Liferay Portal Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-29040)

WordPress Plugin WP Favorite Posts Cross-Site Scripting (1.6.5)

Severity

Medium

Classification

CVE-2021-21031 CWE-613 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities