CVE-2021-36024

{"id": "CVE-2021-36024", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2021-09-01T15:15:09.213", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution."}, {"lang": "es", "value": "Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), est\u00e1n afectadas por una Neutralizaci\u00f3n inapropiada de elementos especiales usados en un comando por medio del endpoint de recogida de datos. Un atacante con privilegios de administrador puede cargar un archivo especialmente dise\u00f1ado para lograr una ejecuci\u00f3n de c\u00f3digo remota"}], "lastModified": "2022-04-25T17:26:16.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72F005E6-8523-49FF-91F7-644BC737DDEF", "versionEndIncluding": "2.3.7", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260156B9-9CEF-4732-AD94-7D3CCD784F1D", "versionEndIncluding": "2.4.2", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:adobe:adobe_commerce:2.4.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C711D725-10E3-4A9C-AAD8-9B1766CB42F0"}, {"criteria": "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "052A5E47-66AF-4F60-8949-E2B6CE98AEE9", "versionEndIncluding": "2.3.7", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE9F2A6-575A-48DA-ACE4-B22ABB275B6B", "versionEndIncluding": "2.4.2", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:adobe:magento_open_source:2.4.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F768F94-34F1-4FB8-8D96-3BBC9D6B8C89"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}