CVE-2021-28567

State: PUBLISHED · Published: 2021-09-08 · Updated: 2024-09-17 · Assigner: adobe

Description

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.

CWE

CWE-285 — Improper Authorization (CWE-285)

Affected

Adobe / Magento Commerce — v=unspecified ≤2.4.2 [affected]; v=unspecified ≤2.3.6-p1 [affected]; v=unspecified ≤2.4.1-p1 [affected]; v=unspecified ≤None [affected]

CVSS

3.0 score=5 severity=MEDIUM CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References

https://helpx.adobe.com/security/products/magento/apsb21-30.html x_refsource_MISC

Source

cvelistV5-main/cves/2021/28xxx/CVE-2021-28567.json