The vulnerability of the Magento Commerce software platform for developing and managing online stores lies in the lack of automatic termination of all sessions after changing passwords. This allows attackers to gain unauthorized access to limited resources.

🗓️ 25 Mar 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Magento Commerce lacks session termination after password changes, enabling unauthorized access.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-21031	11 Feb 202122:47	–	circl
CNNVD	Magento Commerce 和 Magento Open Source editions 代码问题漏洞	9 Feb 202100:00	–	cnnvd
CNVD	Adobe Magento User Session Invalidation Deficiency Vulnerability	10 Feb 202100:00	–	cnvd
CVE	CVE-2021-21031	11 Feb 202119:28	–	cve
Cvelist	CVE-2021-21031 Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access	11 Feb 202119:28	–	cvelist
EUVD	EUVD-2022-2381	3 Oct 202520:07	–	euvd
Github Security Blog	Magento Insufficient Session Expiration	24 May 202217:41	–	github
NVD	CVE-2021-21031	11 Feb 202120:15	–	nvd
OSV	BIT-MAGENTO-2021-21031 Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access	6 Mar 202410:59	–	osv
OSV	GHSA-4H3P-63X6-VWG2 Magento Insufficient Session Expiration	24 May 202217:41	–	osv

Vulners

Node

adobe_systems magento_commerceRange<2.3.6-p1

OR

adobe_systems magento_commerceRange<2.4.1-p1

OR

adobe_systems magento_commerceRange<2.4.2

OR

adobe_systems magento_open_sourceRange<2.3.6-p1

OR

adobe_systems magento_open_sourceRange<2.4.1-p1

OR

adobe_systems magento_open_sourceRange<2.4.2

Source	Link
helpx	www.helpx.adobe.com/security/products/magento/apsb21-08.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-21031
web	www.web.nvd.nist.gov/view/vuln/detail

28 Nov 2024 00:00Current

6Medium risk

Vulners AI Score6

CVSS 35.6

CVSS 27.5

EPSS0.01673

Magento Commerce session termination password change unauthorized access limited resources