Adobe

Adobe Commerce

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-36030

  • EPSS 1.43%
  • Veröffentlicht 01.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter...

6.5

CVE-2021-36031

  • EPSS 10.31%
  • Veröffentlicht 01.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability...

8.8

CVE-2021-36032

  • EPSS 0.91%
  • Veröffentlicht 01.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/m...

7.2

CVE-2021-36033

  • EPSS 11.33%
  • Veröffentlicht 01.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges can trigger a specially crafted script to achieve re...

7.2

CVE-2021-36034

  • EPSS 5.48%
  • Veröffentlicht 01.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code exe...

7.2

CVE-2021-36035

  • EPSS 7.25%
  • Veröffentlicht 01.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:12:59

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges could make a crafted request to the Adobe Stock API to achieve...

4

CVE-2021-36037

  • EPSS 0.9%
  • Veröffentlicht 01.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:13:00

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An authenticated attacker could leverage this vulnerability to achieve sensitive informati...

4

CVE-2021-36038

  • EPSS 1.46%
  • Veröffentlicht 01.09.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:13:00

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achie...