CVE-2021-36030

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.

Published: Sep 1, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-36030
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
adobe / magento_open_source	2.3.0	2.3.7.x
adobe / adobe_commerce	2.3.0	2.3.7.x
adobe / adobe_commerce	2.4.2-p1	2.4.2-p1.x
adobe / adobe_commerce	2.4.0	2.4.2.x
adobe / magento_open_source	2.4.2-p1	2.4.2-p1.x
adobe / magento_open_source	2.4.0	2.4.2.x

https://helpx.adobe.com/security/products/magento/apsb21-64.html

Vulnerability Database

289,871

CVE-2021-36030