CVE-2021-21013
Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Productos afectados
Adobe · Magento Commerce¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →