Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-21031

Good to know:

icon

Date: February 11, 2021

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

Language: PHP

Severity Score

Related Resources (3)

https://nvd.nist.gov/vuln/detail/CVE-2021-21031
https://helpx.adobe.com/security/products/magento/apsb21-08.html
https://www.mend.io/vulnerability-database/CVE-2021-21031

Severity Score

Weakness Type (CWE)

Insufficient Session Expiration

CWE-613

Top Fix

icon

Upgrade Version

Upgrade to version 2.3.6-p1,2.4.1-p1,2.4.2

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
Additional information:

Do you need more information?

Contact Us