Vulnerabilities > CVE-2021-32716 - Incorrect Authorization vulnerability in Shopware

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

shopware

CWE-863

NVD

Published: 2021-06-24

Updated: 2022-10-25

Summary

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

Vulnerable Configurations

Part	Description	Count
Application	Shopware Shopware Shopware 6.1.0 Shopware Shopware 6.1.1 Shopware Shopware 6.1.2 Shopware Shopware 6.1.3 Shopware Shopware 6.1.4 Shopware Shopware 6.1.5 Shopware Shopware 6.1.6 Shopware Shopware 6.2.0 Shopware Shopware 6.2.1 Shopware Shopware 6.2.2 Shopware Shopware 6.2.3 Shopware Shopware 6.3.0.0 Shopware Shopware 6.3.0.1 Shopware Shopware 6.3.0.2 Shopware Shopware 6.3.1.0 Shopware Shopware 6.3.1.1 Shopware Shopware 6.3.2.0 Shopware Shopware 6.3.2.1 Shopware Shopware 6.3.3.0 Shopware Shopware 6.3.3.1 Shopware Shopware 6.3.4.0 Shopware Shopware 6.3.4.1 Shopware Shopware 6.3.5.0 Shopware Shopware 6.3.5.1 Shopware Shopware 6.3.5.2 Shopware Shopware 6.3.5.3 Shopware Shopware 6.3.5.4 Shopware Shopware 6.4.0.0 Shopware Shopware 6.4.1.0	35

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References