Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/magento/apsb21-08.html | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Jun 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account. |
11 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure. |
03 Jun 2021, 18:27
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 8.1 |
CWE | CWE-863 |
27 May 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account. |
25 May 2021, 13:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:* |
cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:* cpe:2.3:a:adobe:magento:*:*:*:*:commerce:*:*:* |
References | (MISC) https://helpx.adobe.com/security/products/magento/apsb21-08.html - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
CWE | CWE-639 |
Information
Published : 2021-01-13 23:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-21013
Mitre link : CVE-2021-21013
CVE.ORG link : CVE-2021-21013
JSON object : View
Products Affected
adobe
- magento