CVE-2021-37709
First published: Mon Aug 16 2021(Updated: )
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shopware Shopware | <6.4.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Shopware vulnerability?
The vulnerability ID for this Shopware vulnerability is CVE-2021-37709.
What is the severity level of CVE-2021-37709?
The severity level of CVE-2021-37709 is medium (6.5 out of 10).
What is the affected software for CVE-2021-37709?
The affected software for CVE-2021-37709 is Shopware versions prior to 6.4.3.1.
What is the vulnerability description of CVE-2021-37709?
CVE-2021-37709 is a vulnerability in Shopware that involves an insecure direct object reference of log files of the Import/Export feature.
How can I fix CVE-2021-37709 in older versions of Shopware?
For older versions of Shopware (6.1, 6.2, and 6.3), corresponding security measures should be applied as workarounds, or updating to version 6.4.3.1, which contains a patch, is recommended.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/shopware
- canonical/shopware shopware