Lucene search
AdobeCVELIST:CVE-2021-36012HistorySep 01, 2021 - 2:28 p.m.
CVE-2021-36012 Magento Commerce Gift Card Business Logic Error
2021-09-0114:28:16
CWE-840
adobe
www.cve.org
8
magento commerce
gift card
business logic error
placeorder graphql
authenticated attacker
alter price
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
21.8%
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item.
CNA Affected
[
{
"product": "Magento Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.2-p1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-36012
2021-09-01 15:15:09
nvd
nvd
CVE-2021-36012
2021-09-01 15:15:09
osv
osv
CVE-2021-36012
2021-09-01 15:15:09
prion
prion
Code injection
2021-09-01 15:15:00
adobe
adobe
APSB21-64 Security updates available for Magento
2021-08-10 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
21.8%
Related for CVELIST:CVE-2021-36012