CVE-2020-24404
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Magento Commerce | unspecified <= 2.4.0 | affected |
| Adobe | Magento Commerce | unspecified <= 2.3.5p1 | affected |
| Adobe | Magento Commerce | unspecified <= None | affected |
Weaknesses
- CWE-285: Improper Authorization (CWE-285)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.