CVE-2021-36029
Magento improper authorization vulnerability
Score: 7.2 HIGH (CVSS 3.1) | EPSS: 3.5%
Description
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.
How to fix CVE-2021-36029
To remediate CVE-2021-36029, upgrade the affected package to a fixed version below.
- upgrade to 2.3.7-p1 or later
- no fix listed
Is CVE-2021-36029 being exploited?
Low — EPSS is 3.5%, i.e. an estimated 3.5% probability of exploitation in the wild over the next 30 days; exploitation activity is not expected at scale. Note that the vector requires high privileges (PR:H), so the attacker must already hold an admin account.
Affected packages (2)
- from 0, < 2.3.7-p1
- from 0, <= 2.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.2) | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |