← Volver a CVEs
CVE-2022-24872
HIGH8.1
Descripcion
Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.
Detalles CVE
Puntuacion CVSS v3.18.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/20/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
shopware:shopware
Debilidades (CWE)
CWE-732CWE-732
Referencias
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022(security-advisories@github.com)
https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c(security-advisories@github.com)
https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc(security-advisories@github.com)
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/shopware/platform/security/advisories/GHSA-9wrv-g75h-8ccc(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.