Vulnerabilities > CVE-2022-36102 - Improper Preservation of Permissions vulnerability in Shopware

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

shopware

CWE-281

NVD

Published: 2022-09-12

Updated: 2022-09-15

Summary

Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version (5.7.15). Users can get the update via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Shopware Shopware Shopware 5.0.0 Shopware Shopware 5.0.1 Shopware Shopware 5.0.2 Shopware Shopware 5.0.3 Shopware Shopware 5.0.4 Shopware Shopware 5.1.0 Shopware Shopware 5.1.1 Shopware Shopware 5.1.2 Shopware Shopware 5.1.3 Shopware Shopware 5.1.4 Shopware Shopware 5.1.5 Shopware Shopware 5.1.6 Shopware Shopware 5.2.0 Shopware Shopware 5.2.1 Shopware Shopware 5.2.2 Shopware Shopware 5.2.3 Shopware Shopware 5.2.4 Shopware Shopware 5.2.5 Shopware Shopware 5.2.6 Shopware Shopware 5.2.7 Shopware Shopware 5.2.8 Shopware Shopware 5.2.9 Shopware Shopware 5.2.10 Shopware Shopware 5.2.11 Shopware Shopware 5.2.12 Shopware Shopware 5.2.13 Shopware Shopware 5.2.14 Shopware Shopware 5.2.15 Shopware Shopware 5.2.16 Shopware Shopware 5.2.17 Shopware Shopware 5.2.18 Shopware Shopware 5.2.19 Shopware Shopware 5.2.20 Shopware Shopware 5.2.21 Shopware Shopware 5.2.22 Shopware Shopware 5.2.23 Shopware Shopware 5.2.24 Shopware Shopware 5.2.25 Shopware Shopware 5.2.26 Shopware Shopware 5.2.27 Shopware Shopware 5.3.0 Shopware Shopware 5.3.1 Shopware Shopware 5.3.2 Shopware Shopware 5.3.3 Shopware Shopware 5.3.4 Shopware Shopware 5.3.5 Shopware Shopware 5.3.6 Shopware Shopware 5.3.7 Shopware Shopware 5.4.0 Shopware Shopware 5.4.1 Shopware Shopware 5.4.2 Shopware Shopware 5.4.3 Shopware Shopware 5.4.4 Shopware Shopware 5.4.5 Shopware Shopware 5.4.6 Shopware Shopware 5.5.0 Shopware Shopware 5.5.1 Shopware Shopware 5.5.2 Shopware Shopware 5.5.3 Shopware Shopware 5.5.4 Shopware Shopware 5.5.5 Shopware Shopware 5.5.6 Shopware Shopware 5.5.7 Shopware Shopware 5.5.8 Shopware Shopware 5.5.9 Shopware Shopware 5.5.10 Shopware Shopware 5.6.0 Shopware Shopware 5.6.1 Shopware Shopware 5.6.2 Shopware Shopware 5.6.3 Shopware Shopware 5.6.4 Shopware Shopware 5.6.5 Shopware Shopware 5.6.6 Shopware Shopware 5.6.7 Shopware Shopware 5.6.8 Shopware Shopware 5.6.9 Shopware Shopware 5.6.10 Shopware Shopware 5.7.0 Shopware Shopware 5.7.1 Shopware Shopware 5.7.2 Shopware Shopware 5.7.3 Shopware Shopware 5.7.4 Shopware Shopware 5.7.5 Shopware Shopware 5.7.6 Shopware Shopware 5.7.7 Shopware Shopware 5.7.8 Shopware Shopware 5.7.9 Shopware Shopware 5.7.10 Shopware Shopware 5.7.11 Shopware Shopware 5.7.12 Shopware Shopware 5.7.13 Shopware Shopware 5.7.14	117

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References