← Voltar para CVEs
CVE-2021-32758
HIGH7.2
Descricao
OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched.
Detalhes CVE
Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado8/27/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
openmage:openmage
Fraquezas (CWE)
CWE-91
Referencias
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15(security-advisories@github.com)
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11(security-advisories@github.com)
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh(security-advisories@github.com)
https://github.com/OpenMage/magento-lts/releases/tag/v19.4.15(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenMage/magento-lts/releases/tag/v20.0.11(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-26rr-v2j2-25fh(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.