Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report:This vulnerability could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report:This vulnerability could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerabilit...

Access Control Bypass

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Access Control Bypass enabling the bypass of a security feature. Remediation There is no fixed version for magento/project-community-edition...

Improper Check for Unusual or Exceptional Conditions

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions enabling the bypass of a security feature. Remediation There is no fixed version for...

Access Control Bypass

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation There is no fixed version for...

Access Control Bypass

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Access Control Bypass that could enable a privileged attacker to escalate privileges. Remediation There is no fixed version for...

Improper Authorization

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Improper Authorization enabling bypass of a security feature. Remediation There is no fixed version for magento/project-community-edition. Reference...

Information Exposure

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Information Exposure which could allow a privileged attacker to escalate privileges. Remediation There is no fixed version for...

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization. An attacker can gain access to minor information by sending crafted requests with low privileges. Remediation Upgrade magento/community-edition to...

Denial of Service (DoS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Denial of Service DoS through the resource allocation process. An attacker can cause a minor application denial-of-service by sending crafted requests that exhaust system...

SQL Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to SQL Injection through the manipulation of SQL queries. An attacker can execute arbitrary code on the system by injecting malicious SQL commands into the input fields that a...

Improper Authorization

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Improper Authorization due to improper handling of authorization checks. An attacker can bypass security features and access unauthorized data witho...

Command Injection

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Command Injection via the command execution interface. An attacker can execute arbitrary code by injecting malicious commands into the system. This ...

Improper Input Validation

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation through the input validation process. An attacker with administrative privileges can bypass certain security features, impacting the availability ...

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization due to improper handling of authorization logic. An attacker can bypass security measures and access sensitive user data without requiring user...

Incorrect Authorization

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Incorrect Authorization through the authorization mechanism. A privileged attacker can modify minor functionalities of another user's data without...

Access Control Bypass

Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Access Control Bypass due to improper handling of access controls. An attacker can bypass security features and impact the availability of a user's...

Command Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Command Injection via the Data collection endpoint. An attacker can execute arbitrary commands on the underlying system by uploading a specially crafted file. Remediation...

October 2020 Adobe Flash Security Update

This security update addresses the following vulnerability, which is described in Adobe Security Bulletin APSB20-58: CVE-2020-9746 Please note that in the event of any discrepancies. the definitive source of information for example, vulnerability severity and impact is the Adobe Flash bulletin as...

Adobe Releases Security Updates for Magento

Adobe has released security updates to address vulnerabilities in Magento Commerce 2 formerly known as Magento Enterprise Edition and Magento Open Source 2 formerly known as Magento Community Edition. An attacker could exploit some of these vulnerabilities to take control of an affected system. T...