| Title |
Severity |
Exploit |
Date |
Affected Version |
|
CVE-2021-37707
|
High
|
|
Aug 16, 2021
|
< 6.4.3.1
|
|
non-admin users can create integration role with administrator role
|
Medium
|
|
Jun 28, 2021
|
< 6.4.1.1
|
|
Internal hidden fields are visible on to many associations in admin api
|
Medium
|
|
Jun 28, 2021
|
< 6.4.1.1
|
|
Private files publicly accessible with Cloud Storage providers
|
High
|
|
Jun 28, 2021
|
< 6.4.1.1
|
|
Creation of order credits was not validated by acl in admin orders
|
Low
|
|
Jun 28, 2021
|
< 6.4.1.1
|
|
Canceling of orders not related to the logged-in user
|
Medium
|
|
Jun 28, 2021
|
< 6.4.1.1
|
|
CVE-2021-32716
|
Low
|
|
Jun 24, 2021
|
< 6.4.1.1
|
|
CVE-2021-32717
|
High
|
|
Jun 24, 2021
|
< 6.4.1.1
|
|
CVE-2021-32711
|
High
|
|
Jun 24, 2021
|
< 6.3.5.1
|
|
CVE-2021-32710
|
High
|
|
Jun 24, 2021
|
< 6.3.5.2
|
shopware / platform