2 matches found
CVE-2022-24872
Shopware CVE-2022-24872 is an improper access‑control issue in the admin-api where permissions set to the sales channel context can be used within a normal user session. Affects Shopware platform (Symfony/Vue) across affected releases; remediation is to update to version 6.4.10.1. For 6.1–6.3, se...
CVE-2022-24872 Improper Access Control in shopware
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security...