CVE-2021-28583
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Magento Commerce | unspecified <= 2.4.2 | affected |
| Adobe | Magento Commerce | unspecified <= 2.3.6-p1 | affected |
| Adobe | Magento Commerce | unspecified <= 2.4.1-p1 | affected |
| Adobe | Magento Commerce | unspecified <= None | affected |
Weaknesses
- CWE-657: Violation of Secure Design Principles (CWE-657)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.