Skip to main content

Magento Commerce

2 CVEs product

Monthly

CVE-2022-35692 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Adobe Commerce Magento Commerce
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-21012 MEDIUM This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Authentication Bypass Magento Commerce Magento Open Source
NVD
CVSS 3.0
5.3
EPSS
4.0%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Adobe Commerce +1
NVD
EPSS 4% CVSS 5.3
MEDIUM This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Authentication Bypass +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy