Filtered by vendor Adobe
Subscriptions
Filtered by product Adobe Commerce
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36038 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 6.5 Medium |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure. | ||||
| CVE-2021-36044 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 7.5 High |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could abuse this vulnerability to cause a server-side denial-of-service using a GraphQL field. | ||||
| CVE-2021-36029 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution. | ||||
| CVE-2021-36024 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. | ||||
| CVE-2021-36022 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution. | ||||
| CVE-2021-36034 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-16 | 9.1 Critical |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution. | ||||