Vulnerability Details : CVE-2021-21012

CVE Name: CVE-2021-21012: Other vulnerability on Adobe Magento Open Source, Adobe Magento Commerce
Description: Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure.
Publish date: 2021-01-13T23:15Z
Last Update: 2022-08-05T19:30Z

CVSS Scores & Vulnerability Types

CVSS Score
5.3
Confidentiality ImpactLOW
Integrity ImpactNONE
Availability ImpactNONE
Actack VectorNETWORK
Actack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Vulnerability Type(s)Other
CWE ID639

Products Affected By CVE-2021-21012

# Vendor Product Vulnerable Versions
1 Adobe Magento Open Source 4
2 Adobe Magento Commerce 4

Detail of Verions Affected

# Product Type Vendor Product Version
1 Application Adobe Magento Open Source 2.4.1
2 Application Adobe Magento Open Source 2.4.0
3 Application Adobe Magento Commerce 2.4.1
4 Application Adobe Magento Commerce 2.4.0
5 Application Adobe Magento Commerce 2.4.0 P1
6 Application Adobe Magento Commerce *
7 Application Adobe Magento Open Source *
8 Application Adobe Magento Open Source 2.4.0 P1

References For CVE-2021-21012

Hyperlink Resource
https://helpx.adobe.com/security/products/magento/apsb21-08.html Release Notes, Vendor Advisory