5.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.4%
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | magento_commerce | * | cpe:2.3:a:adobe:magento_commerce:*:*:*:*:*:*:*:* |
adobe | magento_commerce | * | cpe:2.3:a:adobe:magento_commerce:*:-p1:*:*:*:*:*:* |
adobe | magento_commerce | * | cpe:2.3:a:adobe:magento_commerce:*:*:*:*:*:*:*:* |
More