CVE-2021-21013

State: PUBLISHED · Published: 2021-01-13 · Updated: 2024-09-17 · Assigner: adobe

Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.

CWE

CWE-863 — Incorrect Authorization (CWE-863)

Affected

Adobe / Magento Commerce — v=unspecified ≤2.4.1 [affected]; v=unspecified ≤2.4.0-p1 [affected]; v=unspecified ≤2.3.6 [affected]; v=unspecified ≤None [affected]

CVSS

3.1 score=8.1 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References

https://helpx.adobe.com/security/products/magento/apsb21-08.html x_refsource_MISC

Source

cvelistV5-main/cves/2021/21xxx/CVE-2021-21013.json