CVE-2020-24403 Vulnerability Details

  /     /     /  

CVE-2020-24403 Metadata Quick Info

CVE Published: 09/11/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: adobe | Vendor: Adobe | Product: Magento Commerce
Status : PUBLISHED

---

CVE-2020-24403 Description

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.

Metrics

CVSS Version: 3.1 | Base Score: 2.7 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-285
CWE Name: Improper Authorization (CWE-285)
Source: Adobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).