CVE-2021-21026

Magento exposes an improper authorization vulnerability in the integrations module affecting Magento Community/OOS and Commerce editions: versions 2.4.1 and earlier, 2.4.0-p1 and earlier, and 2.3.6 and earlier are impacted. The root cause is improper authorization, potentially allowing an unauthe...

PT-2021-2309 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to improper authorization in the integrations module of Magento Commerce, which can be exploited by ...

CVE-2021-3152

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Hom...

Directory traversal

DISPUTED Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant;...

CVE-2021-3152

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Hom...

PT-2021-19401

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2021.1.3 Description The issue is related to a lack of protection against directory-traversal attacks in custom integrations. It is noted that the vendor views the vulnerability as being in custom integrations...

WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook

"Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The...

SIRAS - Security Incident Response Automated Simulations

Security Incident Response Automated Simulations SIRAS are internal/controlled actions that provide a structured opportunity to practice the incident response plan and procedures during a realistic scenarios. the main idea of SIRAS is create an detection-as-a-code testing scenarios to facilitate...

CVE-2020-24402

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

CVE-2020-24404

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

CVE-2020-24402

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

CVE-2020-24404

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

Design/Logic Flaw

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

Design/Logic Flaw

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

CVE-2020-24404

Summary (CVE-2020-24404): Magento Open Source platforms 2.4.0 and 2.3.5p1 (and earlier) have an incorrect permissions vulnerability in the Integrations component. It can be exploited by users who have Pages resource permissions to delete CMS pages via the REST API without authorization, exposing ...

CVE-2020-24404 Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

CVE-2020-24402

Magento 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. The issue allows authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization. This is rooted in impro...

CVE-2020-24402 Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

PT-2020-4578 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier Description: The issue is related to an incorrect permissions vulnerability in the Integrations component of Magento. This could allow authenticated users with permissions to the Resource Access...

pocsuite3

Based on the provided code and metadata, here is a compact paragraph of 5-7 sentences summarizing the analysis: pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine...