CVE-2021-21031

Summary

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

Affected Software

VendorProductVersion RangeStatus
AdobeMagento.comunspecified <= 2.4.1affected
AdobeMagento.comunspecified <= 2.4.0-p1affected
AdobeMagento.comunspecified <= 2.3.6affected
AdobeMagento.comunspecified <= Noneaffected

Weaknesses

  • CWE-613: Insufficient Session Expiration (CWE-613)

ADP Enrichment

CVE Program Container

Additional References

References