CVE-2021-36030

State: PUBLISHED · Published: 2021-09-01 · Updated: 2024-09-17 · Assigner: adobe

Description

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

CWE

CWE-20 — Improper Input Validation (CWE-20)

Affected

Adobe / Magento Commerce — v=unspecified ≤2.4.2 [affected]; v=unspecified ≤2.4.2-p1 [affected]; v=unspecified ≤2.3.7 [affected]; v=unspecified ≤None [affected]

CVSS

3.1 score=7.5 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

https://helpx.adobe.com/security/products/magento/apsb21-64.html x_refsource_MISC

Source

cvelistV5-main/cves/2021/36xxx/CVE-2021-36030.json