Home > Vulnerability Database > CVE-2021-32716

Mend.io Vulnerability Database

CVE-2021-32716

Good to know:

Date: June 24, 2021

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

Language: PHP

Severity Score

4.0

Related Resources (5)

Url: https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-06-2021

Url: https://github.com/shopware/platform/security/advisories/GHSA-gpmh-g94g-qrhr

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32716

Url: https://github.com/shopware/platform/commit/b5c3ce3e93bd121324d72aa9d367cb636ff1c0eb

Url: https://www.mend.io/vulnerability-database/CVE-2021-32716

Severity Score

4.0

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v6.4.1.1

Learn More

CVSS v3

Base Score:	4.0
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE

CVSS v2

Base Score:	7.5
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-32716

Good to know:

Date: June 24, 2021

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?