cvelist/2021/36xxx/CVE-2021-36030.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "DATE_PUBLIC": "2021-08-10T23:00:00.000Z",
        "ID": "CVE-2021-36030",
        "STATE": "PUBLIC",
        "TITLE": "Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Magento Commerce",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "2.4.2"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_value": "2.4.2-p1"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_value": "2.3.7"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_value": "None"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Adobe"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Improper Input Validation (CWE-20)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html",
                "name": "https://helpx.adobe.com/security/products/magento/apsb21-64.html"
            }
        ]
    },
    "source": {
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2021-06-30 19:01:06 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2021-09-01 15:01:01 +00:00			`"ASSIGNER": "psirt@adobe.com",`
			`"DATE_PUBLIC": "2021-08-10T23:00:00.000Z",`
"-Synchronized-Data." 2021-06-30 19:01:06 +00:00			`"ID": "CVE-2021-36030",`
"-Synchronized-Data." 2021-09-01 15:01:01 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation"`
"-Synchronized-Data." 2021-06-30 19:01:06 +00:00			`},`
"-Synchronized-Data." 2021-09-01 15:01:01 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Magento Commerce",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "2.4.2"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_value": "2.4.2-p1"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_value": "2.3.7"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_value": "None"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Adobe"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2021-06-30 19:01:06 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-09-01 15:01:01 +00:00			`"value": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items."`
"-Synchronized-Data." 2021-06-30 19:01:06 +00:00			`}`
			`]`
"-Synchronized-Data." 2021-09-01 15:01:01 +00:00			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "Low",`
			`"attackVector": "Network",`
			`"availabilityImpact": "None",`
			`"baseScore": 7.5,`
			`"baseSeverity": "High",`
			`"confidentialityImpact": "None",`
			`"integrityImpact": "High",`
			`"privilegesRequired": "None",`
			`"scope": "Unchanged",`
			`"userInteraction": "None",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Improper Input Validation (CWE-20)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "MISC",`
			`"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html",`
			`"name": "https://helpx.adobe.com/security/products/magento/apsb21-64.html"`
			`}`
			`]`
			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2021-06-30 19:01:06 +00:00			`}`
			`}`