CVE-2020-24402
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Magento Commerce | unspecified <= 2.4.0 | affected |
| Adobe | Magento Commerce | unspecified <= 2.3.5p1 | affected |
| Adobe | Magento Commerce | unspecified <= None | affected |
Weaknesses
- CWE-276: Incorrect Default Permissions (CWE-276)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.