CVE-2021-36043
8
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be enabled.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Magento Commerce | unspecified <= 2.4.2 | affected |
| Adobe | Magento Commerce | unspecified <= 2.4.2-p1 | affected |
| Adobe | Magento Commerce | unspecified <= 2.3.7 | affected |
| Adobe | Magento Commerce | unspecified <= None | affected |
Weaknesses
- CWE-918: Server-Side Request Forgery (SSRF) (CWE-918)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.