CVE-2024-21665

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 11, 2024

Updated: Jan 17, 2024

CWE ID 284

Summary

CVE-2024-21665 is a vulnerability affecting the Pimcore Ecommerce Framework Bundle, identified as 'ecommerce-framework-bundle'. This issue allows both authenticated and unauthorized users to access the back-office orders list, bypassing essential access control and permissions. The information returned from the affected system can be queried, posing a significant risk to data privacy and security. The vulnerability has been addressed in version 1.0.10 of the bundle through a patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Pimcore

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uGMnWx
https://www.cve.org/CVERecord?id=CVE-2024-21665
https://nvd.nist.gov/vuln/detail/CVE-2024-21665

Back to Vulnerability Database

CVE-2024-21665

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations