CVE-2021-37709
Insecure direct object reference of log files of the Import/Export feature
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
Shopware es una plataforma de comercio electrónico de código abierto. Las versiones anteriores a 6.4.3.1 contienen una vulnerabilidad que implica una referencia directa no segura a objetos de los archivos de registro de la funcionalidad Import/Export. La versión 6.4.3.1 contiene un parche. Como soluciones para las versiones anteriores de 6.1, 6.2 y 6.3, también están disponibles las medidas de seguridad correspondientes por medio de un plugin.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-07-29 CVE Reserved
- 2021-08-16 CVE Published
- 2023-03-09 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/shopware/platform/security/advisories/GHSA-54gp-qff8-946c | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/shopware/platform/commit/a9f52abb6eb503654c492b6b2076f8d924831fec | 2022-04-25 |
| URL | Date | SRC |
|---|