Lucene search
GoogleOSV:CVE-2021-21020HistoryFeb 11, 2021 - 8:15 p.m.
CVE-2021-21020
2021-02-1120:15:14
Google
osv.dev
4
6.6 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
48.7%
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.
| CPE | Name | Operator | Version |
|---|---|---|---|
| devdocs | eq | 0.42.0-beta1 | |
| devdocs | eq | 2.1.18 | |
| devdocs | eq | 2.2.0-RC1.1 | |
| devdocs | eq | 2.3.3 | |
| devdocs | eq | 0.1.0-alpha107 | |
| devdocs | eq | 0.42.0-beta2 | |
| devdocs | eq | 2.3.4 | |
| devdocs | eq | 2.2.2 | |
| devdocs | eq | 2.2.0-RC1.2 | |
| devdocs | eq | 2.1.8 |
Related
cve
cve
CVE-2021-21020
2021-02-11 20:15:00
osv
osv
Magento Improper Access Control
2022-05-24 17:41:55
BIT-magento-2021-21020
2024-03-06 11:01:10
prion
prion
Improper access control
2021-02-11 20:15:00
github
github
Magento Improper Access Control
2022-05-24 17:41:55
adobe
adobe
APSB21-08 Security updates available for Magento
2021-02-09 00:00:00
6.6 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
48.7%
Related for OSV:CVE-2021-21020