Vulnerability Name: CVE-2020-24403 (CCN-189854)
Assigned: 2020-10-15
Published: 2020-10-15
Updated: 2022-10-21
Summary: Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API.
CVSS v3 Severity:
  2.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
  2.4 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
  7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
  Source: MITRE Type: CNA CVE-2020-24403
  Source: XF Type: UNKNOWN adobe-magento-cve202024403-sec-bypass(189854)
  Source: CCN Type: Adobe Security Bulletin APSB20-59 Security Updates Available for Magento
  Source: MISC Type: Vendor Advisory https://helpx.adobe.com/security/products/magento/apsb20-59.html
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable