Lucene search
HistoryJan 27, 2023 - 7:15 p.m.
CVE-2021-41144
openmage lts
e-commerce platform
block blacklist
remote code
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
48.9%
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.
Affected configurations
Node
openmagemagentoRange<19.4.22lts
ORopenmagemagentoRange20.0.0–20.0.19lts
Related
github
github
Fix for authenticated remote code execution through layout update
2023-01-27 00:56:39
veracode
veracode
Remote Code Execution (RCE)
2023-02-02 04:51:06
osv
osv
CVE-2021-41144
2023-01-27 19:15:09
Fix for authenticated remote code execution through layout update
2023-01-27 00:56:39
prion
prion
Design/Logic Flaw
2023-01-27 19:15:00
cvelist
cvelist
cve
cve
CVE-2021-41144
2023-01-27 19:15:09
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
48.9%
Related for NVD:CVE-2021-41144