First published: Wed Apr 20 2022
Shopware is an open commerce platform based on the Symfony Framework and Vue. In affected versions, an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Shopware Shopware | <6.4.10.1 |
CVE-2022-24871 is a vulnerability in Shopware, an open commerce platform, that allows an attacker to abuse the Admin SDK functionality on the server to read or update internal resources.
CVE-2022-24871 has a severity rating of 5.5 (high).
To fix CVE-2022-24871, users are advised to update to the current version 6.4.10.1 of Shopware.
Versions 6.1, 6.2, and 6.3 of Shopware are also affected by CVE-2022-24871.
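To check a deployment against the affected range above, the following added example (not code from Shopware or from this advisory) reads a `composer.lock` and reports which action the advisory gives for the installed version. It assumes the version is recorded under the Composer package `shopware/core` or `shopware/platform`; the sample lock file is constructed.

```python
import json
import re

FIXED = (6, 4, 10, 1)                        # fixed release named in the advisory
PLUGIN_BRANCHES = {(6, 1), (6, 2), (6, 3)}   # branches covered by the security plugin
# Assumption: the installed version is recorded under one of these package names.
PACKAGES = ("shopware/core", "shopware/platform")

def parse_version(raw):
    """'v6.4.9.0' -> (6, 4, 9, 0); None for dev branches or non-numeric strings."""
    if "dev" in raw.lower():
        return None
    m = re.match(r"v?(\d+(?:\.\d+){1,3})", raw.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))   # suffixes such as -RC1 are ignored

def classify(raw):
    """Map a version string to the action the advisory gives for it."""
    v = parse_version(raw)
    if v is None:
        return "unknown"
    if v >= FIXED:
        return "fixed"
    if v[:2] in PLUGIN_BRANCHES:
        return "affected: install security plugin or update"
    return "affected: update to 6.4.10.1"

def audit_lock(lock_text):
    """Return {package: (version, status)} for Shopware entries in a composer.lock."""
    data = json.loads(lock_text)
    entries = (data.get("packages") or []) + (data.get("packages-dev") or [])
    return {p["name"]: (p.get("version", ""), classify(p.get("version", "")))
            for p in entries if p.get("name") in PACKAGES}

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "shopware/core", "version": "v6.4.9.0"},
    {"name": "symfony/http-kernel", "version": "v5.4.7"},
], "packages-dev": []})

if __name__ == "__main__":
    for name, (version, status) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name} {version}: {status}")
```

Versions that cannot be parsed, such as dev branches, are reported as `unknown` and need a manual check.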
You can find more information about CVE-2022-24871 in the following references: [link 1](https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022), [link 2](https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c), [link 3](https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2).