CVE-2021-36039

Summary

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the quoteId parameter. An attacker can abuse this vulnerability to disclose sensitive information.

Affected Software

VendorProductVersion RangeStatus
AdobeMagento Commerceunspecified <= 2.4.2affected
AdobeMagento Commerceunspecified <= 2.4.2-p1affected
AdobeMagento Commerceunspecified <= 2.3.7affected
AdobeMagento Commerceunspecified <= Noneaffected

Weaknesses

  • CWE-863: Incorrect Authorization (CWE-863)

ADP Enrichment

CVE Program Container

Additional References

References