Vulnerability Details CVE-2021-21013
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
References
Products affected by CVE-2021-21013
-
cpe:2.3:a:adobe:magento:*
-
cpe:2.3:a:adobe:magento:2.4.3
-
cpe:2.3:a:adobe:magento:2.4.4
-
cpe:2.3:a:adobe:magento:2.4.5
-
cpe:2.3:a:adobe:magento:2.4.6
-
cpe:2.3:a:adobe:magento:2.4.7
-
cpe:2.3:a:adobe:magento:2.4.8