CVE-2021-21427
- EPSS 0.64%
- Veröffentlicht 21.04.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 05:48:20
Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of...
CVE-2021-21426
- EPSS 0.41%
- Veröffentlicht 21.04.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 05:48:20
Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4....
CVE-2020-15244
- EPSS 0.87%
- Veröffentlicht 21.10.2020 20:15:13
- Zuletzt bearbeitet 21.11.2024 05:05:10
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched ...