← back
CVE-2020-24405

Incorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data

CVSS 4.3 MEDIUMEPSS 1.5%CWE-285
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Nov 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
Adobe · Magento Commerce

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://helpx.adobe.com/security/products/magento/apsb20-59.html