Lucene search
HistoryJan 13, 2021 - 11:15 p.m.
CVE-2021-21012
magento
vulnerability
idor
checkout
sensitive information disclosure
nvd
cve-2021-21012
5.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.4%
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.
| Vendor | Product | Version | CPE |
|---|---|---|---|
| adobe | magento_commerce | * | cpe:2.3:a:adobe:magento_commerce:*:*:*:*:*:*:*:* |
| adobe | magento_commerce | * | cpe:2.3:a:adobe:magento_commerce:*:-p1:*:*:*:*:*:* |
| adobe | magento_commerce | * | cpe:2.3:a:adobe:magento_commerce:*:*:*:*:*:*:*:* |
Social References
More
Related
prion
prion
Information disclosure
2021-01-13 23:15:00
osv
osv
CVE-2021-21012
2021-01-13 23:15:14
nessus
nessus
Adobe Bridge 11.0 < 11.0.1 Multiple Vulnerabilities (APSB21-07)
2021-03-10 00:00:00
Adobe Bridge 11.0 < 11.0.1 Multiple Vulnerabilities (APSB21-07)
2021-03-10 00:00:00
adobe
adobe
APSB21-07 Security update available for Adobe Bridge
2021-01-12 00:00:00
APSB21-08 Security updates available for Magento
2021-02-09 00:00:00
threatpost
threatpost
Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content
2021-01-12 17:13:28
5.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.4%
Related for CVE-2021-21012