Vulnerability CVE-2021-21032


Published: 2021-02-11

Description:
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

Type:

CWE-613

(Insufficient Session Expiration)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Magento -> Magento 

 References:
https://helpx.adobe.com/security/products/magento/apsb21-08.html

Copyright 2024, cxsecurity.com

 

Back to Top