CVE-2022-24871

Опубликовано: 20 апр. 2022

Источник: nvd

CVSS3: 7.2

CVSS3: 5.5

CVSS2: 5.5

EPSS Низкий

Описание

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.

Ссылки

https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022
Patch
Third Party Advisory
https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c
Patch
Third Party Advisory
https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2
Third Party Advisory
https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022
Patch
Third Party Advisory
https://github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c
Patch
Third Party Advisory
https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*

Версия до 6.4.10.1 (исключая)

EPSS

Процентиль: 57%

0.00348

Низкий

7.2 High

CVSS3

5.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-7gm7-8q8v-9gf2

CVSS3: 7.2

github

почти 4 года назад

Server-Side Request Forgery (SSRF) in Shopware

EPSS

Процентиль: 57%

0.00348

Низкий

7.2 High

CVSS3

5.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-918