Home > Vulnerability Database > CVE-2021-32716

Mend.io Vulnerability Database

CVE-2021-32716

Date: June 24, 2021

Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

Language: PHP

Severity Score

4.4

Related Resources (5)

Url: https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-06-2021

Url: https://github.com/shopware/platform/security/advisories/GHSA-gpmh-g94g-qrhr

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32716

Url: https://github.com/shopware/platform/commit/b5c3ce3e93bd121324d72aa9d367cb636ff1c0eb

Url: https://www.mend.io/vulnerability-database/CVE-2021-32716

Severity Score

4.4

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-32716

Date: June 24, 2021

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?