First published: Wed Jan 13 2021(Updated: )
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe Magento | <=2.4.1 | |
Adobe Magento | >=2.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-21013.
The severity level of CVE-2021-21013 is high.
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by this vulnerability.
Successful exploitation of CVE-2021-21013 could lead to sensitive information disclosure and arbitrary information updates on another user's account.
You can find more information about CVE-2021-21013 at the following reference link: [Reference Link](https://helpx.adobe.com/security/products/magento/apsb21-08.html)