Original Issue Date: August 23, 2021
Severity Rating: HIGH
Software Affected
Adobe Commerce version 2.4.2 and prior
Adobe Commerce and Magento Open Source version 2.4.2-p1 and prior
Adobe Commerce and Magento Open Source version 2.3.7 and prior
Overview
Multiple vulnerabilities have been reported in Adobe Commerce and Magento Open Source which could allow an attacker to gain elevated privileges, bypass security restrictions, execute arbitrary code, obtain sensitive information or cause denial of service conditions on the target system.
Description
These vulnerabilities exist in Adobe Commerce and Magento Open Source due to a blind XPath injection vulnerability, business logic errors, cross-site scripting, improper access control, improper authorization, improper input validation, incorrect authorization, OS command injection, a path traversal vulnerability, and a server-side request forgery (SSRF) vulnerability. An attacker could exploit these vulnerabilities by sending a specially crafted request to the target system.
Successful exploitation of these vulnerabilities could allow the attacker to gain elevated privileges, bypass security restrictions, execute arbitrary code, obtain sensitive information or cause denial of service conditions on the target system.
Solution
Apply the appropriate patches as described in the Adobe Security Bulletin:
https://helpx.adobe.com/security/products/magento/apsb21-64.html
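Before patching, an operator usually wants to know whether an installed release falls inside the affected ranges listed above. The POSIX shell script below is an added example, not part of this advisory or of Adobe's tooling: it encodes the three listed thresholds (2.4.2-p1 on the 2.4 line, 2.3.7 on the 2.3 line, and everything on earlier lines) and compares a MAJOR.MINOR.PATCH[-pN] version string against them. It assumes that `bin/magento --version` prints the version as the last whitespace-separated token of its output (for example "Magento CLI 2.4.2-p1"); the sample output lines at the bottom are constructed for a stand-alone run, not captured from a real installation. A release newer than a listed threshold is reported as "not-listed" rather than "fixed", because this page lists affected versions only; confirm the fixed release against the bulletin.

```shell
#!/bin/sh
# Added example: check a Magento / Adobe Commerce version against the
# affected ranges this advisory lists for APSB21-64.
#   2.4 line: 2.4.2-p1 and prior    2.3 line: 2.3.7 and prior
#   earlier lines: all releases are "prior" to those thresholds.
# Nothing here is Adobe's own code; the CLI output format is an assumption.

# Split "2.4.2-p1" into "2 4 2 1" and "2.3.7" into "2 3 7 0".
# Assumption: versions follow the MAJOR.MINOR.PATCH[-pN] shape.
version_parts() {
    v=$1
    p=0
    case $v in
        *-p*) p=${v##*-p}; v=${v%-p*} ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $v
    IFS=$oldifs
    printf '%s %s %s %s\n' "${1:-0}" "${2:-0}" "${3:-0}" "$p"
}

# Build a sortable integer key: major, minor (2 digits), patch (3 digits),
# patch-release suffix (2 digits).  Large enough for any real release, small
# enough to stay inside 32-bit shell arithmetic.
version_key() {
    set -- $(version_parts "$1")
    echo $(( $1 * 10000000 + $2 * 100000 + $3 * 100 + $4 ))
}

# Print "affected" when the version is within a listed range, otherwise
# "not-listed" (newer than every threshold on this page).
magento_affected() {
    key=$(version_key "$1")
    set -- $(version_parts "$1")
    case "$1.$2" in
        2.3) limit=$(version_key 2.3.7) ;;      # "2.3.7 and prior"
        *)   limit=$(version_key 2.4.2-p1) ;;   # "2.4.2-p1 and prior" covers 2.4.x and every older line
    esac
    if [ "$key" -le "$limit" ]; then
        echo affected
    else
        echo not-listed
    fi
}

# Extract the version from the CLI banner, assumed to be the last token,
# e.g. "Magento CLI 2.4.2-p1" -> "2.4.2-p1".
version_from_cli_output() {
    printf '%s\n' "${1##* }"
}

# Constructed sample banners for a stand-alone run (not real captured output).
# On a live install, replace the loop with:
#   magento_affected "$(version_from_cli_output "$(bin/magento --version)")"
for sample in "Magento CLI 2.3.6" "Magento CLI 2.3.7" "Magento CLI 2.3.7-p1" \
              "Magento CLI 2.4.2" "Magento CLI 2.4.2-p1" "Magento CLI 2.4.3"; do
    ver=$(version_from_cli_output "$sample")
    printf '%-10s %s\n' "$ver" "$(magento_affected "$ver")"
done
```

The check deliberately compares the -pN suffix as a fourth numeric field, so 2.4.2-p1 sits above 2.4.2 and 2.3.7-p1 above 2.3.7; that matches how this advisory itself distinguishes "2.4.2 and prior" from "2.4.2-p1 and prior".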
Vendor Information
Adobe
https://helpx.adobe.com/security/products/magento/apsb21-64.html