CVE-2021-21014 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-21014

CVE-2021-21014

February 11, 2021

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

Related Resources (5)

https://nvd.nist.gov/vuln/detail/CVE-2021-21014

https://github.com/magento/magento2/commit/a349e022c9ae070e7da262021f9ef182105aa00b

https://github.com/magento/magento2

https://helpx.adobe.com/security/products/magento/apsb21-08.html

https://github.com/magento/magento2/commit/a2eb7e29ea92a8bbc86c3b6b81b59d8533088497

Do you need more information?

CVSS v4

Base Score:

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

HIGH

CVSS v3

Base Score:

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

6.5

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

EPSS

Base Score:

0.51

Products

Solutions

Resources

Company

Compare

Developer Tools