Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2021-01-13T22:35:54.370195Z

Updated: 2024-09-17T02:28:00.147Z

Reserved: 2020-12-18T00:00:00

Link: CVE-2021-21013

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-01-13T23:15:14.493

Modified: 2022-08-05T19:30:32.863

Link: CVE-2021-21013

cve-icon Redhat

No data.