2 matches found
CVE-2021-21012
CVE-2021-21012 is an IDOR in Magento checkout that, per multiple documents, affects Magento Open Source and Commerce variants up to 2.4.1 (and earlier) and 2.3.6 (and earlier), enabling potentially sensitive information disclosure via insecure direct object references in the checkout module. The ...
CVE-2022-35692
Adobe Commerce/Open Source Magento 2.x versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier, and 2.4.4 and earlier are affected by an Improper Access Control vulnerability that could bypass security features and allow leakage of minor information from another user’s account. Exploitation does not ...