CVE-2021-36029
CRITICAL
Adobe Commerce/Magento Open Source <=2.4.2-p1 - Admin Authorization Bypass Code Execution
Title source: manual
Description
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/magento/apsb21-64.html
Scores
CVSS v3
9.1
EPSS
0.0345
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-285
Status
published
Products (6)
adobe/adobe_commerce
2.4.2 p1
adobe/adobe_commerce
2.3.0 - 2.3.7
adobe/magento_open_source
2.4.2 p1
adobe/magento_open_source
2.3.0 - 2.3.7
magento/community-edition
0 - 2.3.7-p1 (Packagist)
magento/project-community-edition
0 (Packagist)
Published
Sep 01, 2021
Tracked Since
Feb 18, 2026