Vulnerability Name: | CVE-2020-24405 (CCN-189856) | ||||||||||||
Assigned: | 2020-10-15 | ||||||||||||
Published: | 2020-10-15 | ||||||||||||
Updated: | 2022-10-21 | ||||||||||||
Summary: | Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization. | ||||||||||||
CVSS v3 Severity: | 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-24405 Source: XF Type: UNKNOWN adobe-magento-cve202024405-sec-bypass(189856) Source: CCN Type: Adobe Security Bulletin APSB20-59 Security Updates Available for Magento Source: MISC Type: Vendor Advisory https://helpx.adobe.com/security/products/magento/apsb20-59.html | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |