Lucene search
GitHub_MCVELIST:CVE-2021-41144HistoryJan 27, 2023 - 6:08 p.m.
CVE-2021-41144 OpenMage LTS authenticated remote code execution through layout update
2023-01-2718:08:42
CWE-77
GitHub_M
www.cve.org
4
openmage e-commerce platform
layout update
remote code execution
authenticated
cve-2021-41144
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
48.9%
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
CNA Affected
[
{
"vendor": "OpenMage",
"product": "magento-lts",
"versions": [
{
"version": "< 19.4.22",
"status": "affected"
},
{
"version": ">= 20.0.0, < 20.0.19",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2021-41144
2023-01-27 19:15:09
github
github
Fix for authenticated remote code execution through layout update
2023-01-27 00:56:39
veracode
veracode
Remote Code Execution (RCE)
2023-02-02 04:51:06
osv
osv
CVE-2021-41144
2023-01-27 19:15:09
Fix for authenticated remote code execution through layout update
2023-01-27 00:56:39
prion
prion
Design/Logic Flaw
2023-01-27 19:15:00
cve
cve
CVE-2021-41144
2023-01-27 19:15:09
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
48.9%
Related for CVELIST:CVE-2021-41144