Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/magento/apsb21-08.html | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: adobe
Published: 2021-02-09T00:00:00
Updated: 2021-06-28T12:41:38
Reserved: 2020-12-18T00:00:00
Link: CVE-2021-21013
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-13T23:15:14.493
Modified: 2022-08-05T19:30:32.863
Link: CVE-2021-21013
JSON object: View
Redhat Information
No data.