Description
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Authentication Vulnerability (CVE-2012-5886)
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3923)
Next.js Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2022-36046)
WordPress Plugin Billplz for WooCommerce Unspecified Vulnerability (3.10)