CVE-2022-24871 - Server-Side Request Forgery (SSRF) vulnerability in Shopware

CVSS 5.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: LOW
Availability impact: NONE
Tags: network, low complexity, shopware, CWE-918

Summary

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.

Vulnerable Configurations

Part         Description  Count
Application  Shopware     199

Common Weakness Enumeration (CWE)