CVE-2021-21012 – Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure

https://notcve.org/view.php?id=CVE-2021-21012

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure. Las versiones de Magento 2.4.1 (y anteriores), 2.4.0-p1 (y anteriores) y 2.3.6 (y anteriores) son vulnerables a una vulnerabilidad de objeto directo inseguro (IDOR) en el módulo de pago. Una explotación exitosa podría llevar a la divulgación de información sensible • https://helpx.adobe.com/security/products/magento/apsb21-08.html • CWE-639: Authorization Bypass Through User-Controlled Key •