Improper Authorization Vulnerability in Magento Commerce Versions 2.4.2 and Earlier

Improper Authorization Vulnerability in Magento Commerce Versions 2.4.2 and Earlier

CVE-2021-36029 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

Learn more about our Web Application Penetration Testing UK.