CVE-2021-36023

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/magento/apsb21-64.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:magento:magento:::::commerce:::*
	cpe:2.3:a:magento:magento:::::open_source:::*
	cpe:2.3:a:magento:magento:::::commerce:::*
	cpe:2.3:a:magento:magento:::::open_source:::*
	cpe:2.3:a:magento:magento:2.3.7:-:::commerce:::*
	cpe:2.3:a:magento:magento:2.3.7:-:::open_source:::*
	cpe:2.3:a:magento:magento:2.4.2:-:::commerce:::*
	cpe:2.3:a:magento:magento:2.4.2:-:::open_source:::*
	cpe:2.3:a:magento:magento:2.4.2:p1:::commerce:::*
	cpe:2.3:a:magento:magento:2.4.2:p1:::open_source:::*

History

No history.

Information

Published : 2023-09-06 14:15

Updated : 2023-09-11 19:05

NVD link : CVE-2021-36023

Mitre link : CVE-2021-36023

CVE.ORG link : CVE-2021-36023

JSON object : View

Products Affected

magento

magento

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2021-36023", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2023-09-06T14:15:08.950", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution."}, {"lang": "es", "value": "Las versiones 2.4.2 (y anteriores), 2.4.2-p1 (y anteriores) y 2.3.7 (y anteriores) de Magento Commerce est\u00e1n afectadas por una vulnerabilidad de inyecci\u00f3n XML en el dise\u00f1o de actualizaci\u00f3n de widgets. Un atacante con privilegios de administrador puede desencadenar un script especialmente manipulado para lograr la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2023-09-11T19:05:35.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "727FB993-9F35-40EA-BF41-E4757F21C5FE", "versionEndExcluding": "2.3.7"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF037A1-026B-4083-97FB-13578A56326C", "versionEndExcluding": "2.3.7"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "FEBAEE65-BE3C-45B8-A321-F24F90495906", "versionEndExcluding": "2.4.2", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "6A81A9D5-8570-430F-AD20-BEBEC3151865", "versionEndExcluding": "2.4.2", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "F124A6F4-E3B3-4065-970D-963BAAAD59CB"}, {"criteria": "cpe:2.3:a:magento:magento:2.3.7:-:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "4F1E5426-A646-4EC1-902A-FD30B00AD1AA"}, {"criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "58C98B8D-6E7B-44FA-8C73-D2AA1DC0A074"}, {"criteria": "cpe:2.3:a:magento:magento:2.4.2:-:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "930C8AEF-C433-4CF9-AC81-7CCFC3EDFD48"}, {"criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "68A6F795-960A-42F0-96BA-2E3D912F3E1A"}, {"criteria": "cpe:2.3:a:magento:magento:2.4.2:p1:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "E9CD54D8-4E55-4437-B762-A68F2BE62CF3"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}