Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2021/02/09 12:0 a.m.7 views

PT-2021-2300 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to the lack of automatic termination of all sessions after a password change, which could allow a...

7.5CVSS5.9AI score0.01673EPSS
Exploits0References9
Cvelist
Cvelist
added 2020/11/09 12:39 a.m.27 views

CVE-2020-24403 Incorrect permissions could lead to unauthorized modification of inventory source data via REST API

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the...

2.7CVSS3AI score0.01611EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/10/15 11:0 p.m.3 views

CVE-2020-24406

When in maintenance mode, Magento version 2.4.0 and 2.3.4 and earlier are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable...

4.3CVSS5AI score0.02053EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.4 views

PT-2020-4511 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier Description: The issue is related to incorrect authorization, allowing a user to access resources provisioned under their old role even after an administrator removes the role or disables the...

8.5CVSS6.4AI score0.02292EPSS
Exploits0References9
Rows per page
Query Builder