Improper Authorization

CVE-2021-36029

High

9.1/10

Summary

Magento Commerce in versions prior to 2.3.7-p1, 2.4.2 prior to 2.4.2-p2 and magento/project-community-edition versions through 2.0.2 are affected by an improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-285 - Improper Authorization

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References

Advisory
Advisory

Advisory Timeline

Published Sep 01, 2021

Improper Authorization

CVE-2021-36029

Summary

CWE-285 - Improper Authorization

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS