← back
CVE-2021-36038

Magento Commerce Multishipping Module Improper Input Validation Could Lead To Information Exposure

CVSS 6.5 MEDIUMEPSS 1.8%CWE-20
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. An authenticated attacker could leverage this vulnerability to achieve sensitive information disclosure.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Adobe · Magento Commerce

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://helpx.adobe.com/security/products/magento/apsb21-64.html