CVE-2021-28563 Vulnerability Details

  /     /     /  

CVE-2021-28563 Metadata Quick Info

CVE Published: 28/06/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: adobe | Vendor: Adobe | Product: Magento Commerce
Status : PUBLISHED

---

CVE-2021-28563 Description

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the \'Create Customer\' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-285
CWE Name: Improper Authorization (CWE-285)
Source: Adobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).