WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Insufficient Session Expiration Vulnerability (CVE-2021-21032)

Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

Remediation

References

Related Vulnerabilities

MongoDb Other Vulnerability (CVE-2019-20923)

WordPress 3.9.x Prototype Pollution (3.9 - 3.9.35)

WordPress Plugin ZeenShare Cross-Site Scripting (1.0.1)

WordPress Plugin Map Block for Google Maps Unspecified Vulnerability (1.31)

WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3)

Severity

Medium

Classification

CVE-2021-21032 CWE-613 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities