← Back

Magento Commerce

magento_commerce

Vendor: Adobe • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-35692
1Adobe
2Commerce
Magento Commerce
Nov 21, 2024
Aug 19, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could le...Show more
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction.Show less
CVE-2021-21012
1Adobe
2Magento Commerce
Magento Open Source
Nov 21, 2024
Jan 13, 2021
N/A· v4
5.3 MEDIUM· v3
4.3 MEDIUM· v2
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitiv...Show more
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.Show less