CVE-2021-39864
Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.
Adobe Commerce versiones 2.4.2-p2 (y anteriores), 2.4.3 (y anteriores) y 2.3.7p1 (y anteriores), están afectadas por una vulnerabilidad de tipo cross-site request forgery (CSRF) por medio de un Enlace para Compartir la Lista de Deseos. Una explotación con éxito podría conllevar a una adición no autorizada al carrito del cliente por parte de un atacante no autenticado. No es requerido un acceso a la consola de administración para una explotación con éxito
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-08-23 CVE Reserved
- 2021-10-15 CVE Published
- 2023-05-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/magento/apsb21-86.html | 2021-10-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Commerce Search vendor "Adobe" for product "Commerce" | <= 2.3.7 Search vendor "Adobe" for product "Commerce" and version " <= 2.3.7" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Commerce Search vendor "Adobe" for product "Commerce" | 2.3.7 Search vendor "Adobe" for product "Commerce" and version "2.3.7" | p1 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Commerce Search vendor "Adobe" for product "Commerce" | 2.4.2 Search vendor "Adobe" for product "Commerce" and version "2.4.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Commerce Search vendor "Adobe" for product "Commerce" | 2.4.2 Search vendor "Adobe" for product "Commerce" and version "2.4.2" | p1 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Commerce Search vendor "Adobe" for product "Commerce" | 2.4.2 Search vendor "Adobe" for product "Commerce" and version "2.4.2" | p2 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Commerce Search vendor "Adobe" for product "Commerce" | 2.4.3 Search vendor "Adobe" for product "Commerce" and version "2.4.3" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Magento Open Source Search vendor "Adobe" for product "Magento Open Source" | <= 2.3.7 Search vendor "Adobe" for product "Magento Open Source" and version " <= 2.3.7" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Magento Open Source Search vendor "Adobe" for product "Magento Open Source" | 2.3.7 Search vendor "Adobe" for product "Magento Open Source" and version "2.3.7" | p1 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Magento Open Source Search vendor "Adobe" for product "Magento Open Source" | 2.4.2 Search vendor "Adobe" for product "Magento Open Source" and version "2.4.2" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Magento Open Source Search vendor "Adobe" for product "Magento Open Source" | 2.4.2 Search vendor "Adobe" for product "Magento Open Source" and version "2.4.2" | p1 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Magento Open Source Search vendor "Adobe" for product "Magento Open Source" | 2.4.2 Search vendor "Adobe" for product "Magento Open Source" and version "2.4.2" | p2 |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Magento Open Source Search vendor "Adobe" for product "Magento Open Source" | 2.4.3 Search vendor "Adobe" for product "Magento Open Source" and version "2.4.3" | - |
Affected
| ||||||