The vulnerability of the Magento Commerce software platform for developing and managing online stores, related to improper authorization, allows a perpetrator to gain unauthorized access to protected information.

🗓️ 12 Nov 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Magento Commerce platform has improper authorization vulnerability enabling remote unauthorized access.

Reporter	Title	Published	Views	Family All 12
CNVD	Adobe Magento User Session Invalidation Vulnerability	20 Oct 202000:00	–	cnvd
CVE	CVE-2020-24401	9 Nov 202000:39	–	cve
Cvelist	CVE-2020-24401 Incorrect permissions following the deletion of a user role or deactivation of a user	9 Nov 202000:39	–	cvelist
EUVD	EUVD-2022-3669	3 Oct 202520:07	–	euvd
Github Security Blog	Magento 2 Community Edition Incorrect Authorization	24 May 202217:33	–	github
NVD	CVE-2020-24401	9 Nov 202001:15	–	nvd
OpenVAS	Magento < 2.3.6, 2.4.x < 2.4.1 Multiple Vulnerabilities (APSB20-59)	23 Oct 202000:00	–	openvas
OSV	BIT-MAGENTO-2020-24401 Incorrect permissions following the deletion of a user role or deactivation of a user	6 Mar 202411:08	–	osv
OSV	GHSA-F2G3-3C6Q-4478 Magento 2 Community Edition Incorrect Authorization	24 May 202217:33	–	osv
Prion	Authorization	9 Nov 202001:15	–	prion

Vulners

Node

adobe_systems magento_commerceRange<2.4.1

OR

adobe_systems magento_commerceRange<2.3.6

OR

adobe_systems magento_open_sourceRange<2.4.1

OR

adobe_systems magento_open_sourceRange<2.3.6

Source	Link
helpx	www.helpx.adobe.com/security/products/magento/apsb20-59.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-24401
cert	www.cert.civis.net/en/index.php
web	www.web.nvd.nist.gov/view/vuln/detail

12 Nov 2020 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 38.1

CVSS 28.5

EPSS0.02292

Magento Commerce improper authorization remote access protected information