2 matches found
CVE-2024-4153
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Magento Insufficient authorization check when adding users to company accounts
An insecure direct object reference IDOR vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing us...