CVE-2021-28563

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-28563
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28563.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-28563
Aliases
Published
2021-06-28T14:15:10.220Z
Modified
2026-03-17T06:56:55.719211Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to the admin console is required for successful exploitation.

References

Affected packages

Git / github.com/magento/devdocs

Affected ranges

Type
GIT
Repo
https://github.com/magento/devdocs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9eba2c99bed83d8297c03b7ea3b110500cc5b955
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9eba2c99bed83d8297c03b7ea3b110500cc5b955
Database specific 
{
    "versions": [
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.2"
        },
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/magento/magento2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
44a7b6079bcac5ba92040b16f4f74024b4f34d09
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
44a7b6079bcac5ba92040b16f4f74024b4f34d09
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.7"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.7"
        }
    ]
}

Affected versions

0.*
0.1.0-alpha100
0.1.0-alpha101
0.1.0-alpha102
0.1.0-alpha103
0.1.0-alpha104
0.1.0-alpha105
0.1.0-alpha106
0.1.0-alpha107
0.1.0-alpha108
0.1.0-alpha89
0.1.0-alpha90
0.1.0-alpha91
0.1.0-alpha92
0.1.0-alpha93
0.1.0-alpha94
0.1.0-alpha95
0.1.0-alpha96
0.1.0-alpha97
0.1.0-alpha98
0.1.0-alpha99
0.42.0-beta1
0.42.0-beta10
0.42.0-beta11
0.42.0-beta2
0.42.0-beta3
0.42.0-beta4
0.42.0-beta5
0.42.0-beta6
0.42.0-beta7
0.42.0-beta8
0.42.0-beta9
0.74.0-beta1
0.74.0-beta10
0.74.0-beta11
0.74.0-beta12
0.74.0-beta13
0.74.0-beta14
0.74.0-beta15
0.74.0-beta16
0.74.0-beta2
0.74.0-beta3
0.74.0-beta4
0.74.0-beta5
0.74.0-beta6
0.74.0-beta7
0.74.0-beta8
0.74.0-beta9
1.*
1.0.0-beta
1.x-eos
2.*
2.0.0
2.0.0-rc
2.0.0-rc2
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.8
2.0.9
2.1.0
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.0-RC1.1
2.2.0-RC1.2
2.2.0-RC1.3
2.2.0-RC1.4
2.2.0-RC1.5
2.2.0-RC1.6
2.2.0-RC1.8
2.2.0-rc2.0
2.2.0-rc2.1
2.2.0-rc2.2
2.2.0-rc2.3
2.2.0-rc3.0
2.2.1
2.2.10
2.2.11
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.2
2.3.2-p1
2.3.3
2.3.3-p1
2.3.4
2.3.5
2.3.6
2.3.6-p1
2.4.1-p1
2.4.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28563.json"