CVE List

CVE-2021-21020

Moderate 5.3

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an access control bypass vulnerability in the Login as Customer module. Successful exploitation could lead to unauthorized access to restricted resources.

Published February 12, 2021.

Affected software

Get alerts for Magento Magento

Reference links