Vulnerabilities > Adobe > Adobe Commerce > 2.4.2

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2021-36031 Path Traversal vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter.
network
low complexity
adobe CWE-22
6.5
6.5
2021-09-01 CVE-2021-36032 Authorization Bypass Through User-Controlled Key vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-639
8.8
8.8
2021-09-01 CVE-2021-36033 XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module.
network
low complexity
adobe CWE-91
6.5
6.5
2021-09-01 CVE-2021-36034 Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-20
7.2
7.2
2021-09-01 CVE-2021-36035 Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-20
6.5
6.5
2021-09-01 CVE-2021-36037 Unspecified vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability.
network
low complexity
adobe
4.0
4.0
2021-09-01 CVE-2021-36038 Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module.
network
low complexity
adobe CWE-20
4.0
4.0
2021-09-01 CVE-2021-36039 Incorrect Authorization vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter.
network
low complexity
adobe CWE-863
4.0
4.0
2021-09-01 CVE-2021-36040 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-434
6.5
6.5
2021-09-01 CVE-2021-36041 Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-20
7.2
7.2