Vulnerabilities > CVE-2021-39864 - Unspecified vulnerability in Adobe Commerce and Magento Open Source

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

adobe

NVD

Published: 2021-10-15

Updated: 2024-11-21

Summary

Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Commerce 2.3.7 Adobe Commerce - Adobe Commerce 2.4.2 Adobe Commerce 2.4.3 Adobe Magento Open Source 2.4.2 Adobe Magento Open Source 2.3.7 Adobe Magento Open Source 2.4.3	12

References

https://helpx.adobe.com/security/products/magento/apsb21-86.html
https://helpx.adobe.com/security/products/magento/apsb21-86.html