CVE-2021-28567

Description

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are vulnerable to an Improper Authorization vulnerability in the customers module. Successful exploitation could allow a low-privileged user to modify customer data. Access to the admin console is required for successful exploitation.

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

LOW

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

NONE

IntegrityImpact

HIGH

AvailabilityImpact

NONE

BaseScore

6.5

BaseSeverity

MEDIUM

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

4

VectorString

AV:N/AC:L/Au:S/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE