Vulnerabilities > Shopware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-24872 | Incorrect Permission Assignment for Critical Resource vulnerability in Shopware Shopware is an open commerce platform based on Symfony Framework and Vue. | 8.1 |
| 2022-03-09 | CVE-2022-24748 | Incorrect Authorization vulnerability in Shopware Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. | 7.5 |
| 2022-01-05 | CVE-2022-21652 | Insufficient Session Expiration vulnerability in Shopware Shopware is an open source e-commerce software platform. | 8.1 |
| 2021-08-16 | CVE-2021-37711 | Server-Side Request Forgery (SSRF) vulnerability in Shopware Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. | 8.8 |
| 2021-08-16 | CVE-2021-37707 | Unspecified vulnerability in Shopware Shopware is an open source eCommerce platform. | 7.5 |
| 2021-06-24 | CVE-2021-32717 | Incorrect Permission Assignment for Critical Resource vulnerability in Shopware Shopware is an open source eCommerce platform. | 7.5 |
| 2021-06-24 | CVE-2021-32710 | Unspecified vulnerability in Shopware Shopware is an open source eCommerce platform. | 7.5 |
| 2021-06-24 | CVE-2021-32711 | Unspecified vulnerability in Shopware Shopware is an open source eCommerce platform. | 7.5 |
| 2020-07-28 | CVE-2020-13997 | Information Exposure Through an Error Message vulnerability in Shopware In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. | 7.5 |
| 2020-07-28 | CVE-2020-13970 | Server-Side Request Forgery (SSRF) vulnerability in Shopware Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. | 8.8 |