Base Score

HIGH7.2

CVE-2021-21427

Magento-lts is a long-term support alternative to Magento Community Edition (CE). A vulnerability in magento-lts versions before 19.4.13 and 20.0.9 potentially allows an administrator unauthorized access to restricted resources. This is a backport of CVE-2021-21024. The vulnerability is patched in versions 19.4.13 and 20.0.9.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateApr 21, 2021, 21:15

Affected Versions(2)

openmage/magento-lts(Packagist)

Introduced0

Fixed19.4.13

LimitN/A

openmage/magento-lts(Packagist)

Introduced20.0.0

Fixed20.0.9

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
openmage/magento-lts(Packagist)	0	19.4.13	N/A
openmage/magento-lts(Packagist)	20.0.0	20.0.9	N/A

Weakness Type (CWE):CWE-89

CVSS Metrics

Base Score

7.2

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-fvrf-9428-527m

Base Score

HIGH7.2

Weakness Type (CWE):CWE-89

CVSS Metrics

Base Score

7.2

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH