Adobe Magento Open Source CVE-2021-21012 vulnerability in Adobe Products
Published on January 13, 2021

Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) vulnerability in the checkout module. Successful exploitation could lead to sensitive information disclosure.

NVD

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVE-2021-21012 has been classified as an Insecure Direct Object Reference / IDOR vulnerability or weakness.


Products Associated with CVE-2021-21012


Affected Versions

Adobe Magento Commerce:

Exploit Probability

EPSS: 0.45%
Percentile: 63.12%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.