{"containers": {"cna": {"affected": [{"product": "Magento Commerce", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "2.4.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "2.4.0-p1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "2.3.6", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "None", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-02-09T00:00:00", "descriptions": [{"lang": "en", "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "Insufficient Session Expiration (CWE-613)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-11T19:29:32", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "DATE_PUBLIC": "2021-02-09T23:00:00.000Z", "ID": "CVE-2021-21032", "STATE": "PUBLIC", "TITLE": "Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Magento Commerce", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.4.1"}, {"version_affected": "<=", "version_value": "2.4.0-p1"}, {"version_affected": "<=", "version_value": "2.3.6"}, {"version_affected": "<=", "version_value": "None"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation."}]}, "impact": {"cvss": {"attackComplexity": "None", "attackVector": "None", "availabilityImpact": "None", "baseScore": 5.7, "baseSeverity": "Medium", "confidentialityImpact": "None", "integrityImpact": "None", "privilegesRequired": "None", "scope": "None", "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient Session Expiration (CWE-613)"}]}]}, "references": {"reference_data": [{"name": "https://helpx.adobe.com/security/products/magento/apsb21-08.html", "refsource": "MISC", "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:01:12.490Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2021-21032", "datePublished": "2021-02-11T19:29:32.196685Z", "dateReserved": "2020-12-18T00:00:00", "dateUpdated": "2024-09-17T04:18:49.706Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "matchCriteriaId": "14B6B496-E849-4935-B3D8-8BDB8DDD59A3", "versionEndExcluding": "2.3.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "matchCriteriaId": "79C3A2B0-AE14-4D0F-BEE2-82FC00BE6087", "versionEndExcluding": "2.3.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:2.3.6:-:*:*:commerce:*:*:*", "matchCriteriaId": "F9C60780-1213-4D06-A4C4-CC915C952B7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:2.3.6:-:*:*:open_source:*:*:*", "matchCriteriaId": "3CCEDD72-7195-495C-A9B6-9D18BA9756F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:2.4.0:-:*:*:commerce:*:*:*", "matchCriteriaId": "05F799AA-CDC0-409F-BB7E-CB941D6FB189", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:2.4.0:-:*:*:open_source:*:*:*", "matchCriteriaId": "600AA27A-D2A8-41C3-8631-74ECF7453E78", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:2.4.0:p1:*:*:commerce:*:*:*", "matchCriteriaId": "67683B07-34CD-4DD2-A6C9-C71733007397", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:2.4.0:p1:*:*:open_source:*:*:*", "matchCriteriaId": "ECA32B69-E9D8-4C01-ACDC-E0F885D937FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:2.4.1:-:*:*:commerce:*:*:*", "matchCriteriaId": "80860D39-0D51-47B3-BA92-F473ADA1BBC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:2.4.1:-:*:*:open_source:*:*:*", "matchCriteriaId": "2ADFE661-AB9C-4387-AC4F-D14A0717C2B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation."}, {"lang": "es", "value": "Magento versiones 2.4.1 (y anteriores), versiones 2.4.0-p1 (y anteriores) y versiones 2.3.6 (y anteriores), no invalidan adecuadamente las sesiones de usuario.&#xa0;Una explotaci\u00f3n con \u00e9xito de este problema podr\u00eda conllevar a un acceso no autorizado a recursos restringidos.&#xa0;No es requerido un acceso a la consola de administraci\u00f3n para una explotaci\u00f3n con \u00e9xito"}], "id": "CVE-2021-21032", "lastModified": "2024-11-21T05:47:26.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "psirt@adobe.com", "type": "Secondary"}]}, "published": "2021-02-11T20:15:14.950", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/magento/apsb21-08.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}

{}