CVE-2021-32710

EPSS 0.88%
Veröffentlicht 24.06.2021 20:15:09
Zuletzt bearbeitet 21.11.2024 06:07:34
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Potential Session Hijacking in Shopware

Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below 6.3.5.2. We recommend to update to the current version 6.3.5.2. You can get the update to 6.3.5.2 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1 and 6.2, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shopware ≫ Shopware Version < 6.3.5.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.88%	0.543

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://github.com/shopware/platform/commit/010c0154bea57c1fca73277c7431d029db7a972e

Patch

Third Party Advisory

https://github.com/shopware/platform/security/advisories/GHSA-h9q8-5gv2-v6mg

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-32710

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-32710

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-32710

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-32710