Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. Successful exploitation could lead to unauthorized access to restricted resources.

Remediation

References

CVE-2021-21022

Related Vulnerabilities

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-35475)

WordPress Plugin PictPress 'resize.php' Multiple Local File Include Vulnerabilities (1.0)

Lighttpd Uncontrolled Resource Consumption Vulnerability (CVE-2022-30780)

Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824)

Java Multiple Vulnerabilities (CVE-2018-13785)

Severity

Medium

Classification

CVE-2021-21022 CWE-285 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities