Description
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.
Remediation
References