Skip to main content

Violation of Secure Design Principles

CVE-2021-28583

Severity Medium
Score 4.2/10

Summary

Magento versions through 2.3.6-p1, 2.4.0 through 2.4.2 are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • REQUIRED
  • HIGH
  • HIGH
  • NONE

CWE-657 - Violation of Secure Design Principles

The product violates well-established principles for secure design.

Advisory Timeline

  • Published