Adobe Commerce Security Vulnerabilities and Issues — Adobe Commerce CVE List

Lucene search

AdobeAdobe Commerce

3 matches found

CVE•added 2021/09/01 3:15 p.m.•68 views

CVE-2021-36031

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the theme[preview_image] parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

7.2CVSS7.3AI score0.1031EPSS

CVE•added 2021/09/01 3:15 p.m.•62 views

CVE-2021-36044

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field.

7.5CVSS7.4AI score0.02345EPSS

CVE•added 2021/09/01 3:15 p.m.•44 views

CVE-2021-36030

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

7.5CVSS7.5AI score0.01428EPSS