Bulletin ID
Security Updates Available for Magento | APSB21-30
|
Date Published |
Priority |
---|---|---|
ASPB21-30 |
May 11, 2021 |
2 |
Summary
Affected Versions
Product | Version | Platform |
---|---|---|
Magento Commerce |
2.4.2 and earlier versions |
All |
2.4.1-p1 and earlier versions |
All | |
2.3.6-p1 and earlier versions |
All |
|
Magento Open Source |
2.4.2 and earlier versions |
All |
2.4.1-p1 and earlier versions |
All | |
2.3.6-p1 and earlier versions |
All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.
Product | Updated Version | Platform | Priority Rating | Release Notes |
---|---|---|---|---|
Magento Commerce | 2.4.2-p1 |
All |
2 |
|
2.3.7 | All |
2 |
||
Magento Open Source |
2.4.2-p1 |
All | 2 | |
2.3.7 | All |
2 |
Vulnerability details
Pre-authentication: The vulnerability is exploitable without credentials.
Admin privileges required: The vulnerability is only exploitable by an attacker with administrative privileges.
Additional technical descriptions of the CVEs referenced in this document will be made available on MITRE and NVD sites.
Acknowledgments
Adobe would like to thank the following individuals for reporting the relevant issues and for working with Adobe to help protect our customers:
- Kien Hoang (CVE-2021-28567)
- Nuswantara Gading Alfa Putranto - Ethic Ninja (https://ethic.ninja) (CVE-2021-28566)
- Charybdis (CVE-2021-28556)
- Igor Wulff (CVE-2021-28583)
- Derp47 (CVE-2021-28584)