Unrated severity · NVD Advisory · Published Jan 13, 2021 · Updated Sep 17, 2024
Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure
CVE-2021-21013
Description
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by an insecure direct object reference (IDOR) vulnerability in the customer API module. Successful exploitation could lead to disclosure of sensitive information and to arbitrary information on another user's account being updated.
Affected products
- Range: <=2.4.1, <=2.4.0-p1, <=2.3.6
- Range: unspecified
References
- helpx.adobe.com/security/products/magento/apsb21-08.html (mitre, x_refsource_MISC)