CVE-2022-24871
Server-Side Request Forgery (SSRF) in Shopware
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current version 6.4.10.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. There are no known workarounds for this issue.
Shopware es una plataforma de comercio abierta basada en Symfony Framework y Vue. En las versiones afectadas un atacante puede abusar de la funcionalidad Admin SDK en el servidor para leer o actualizar recursos internos. Es recomendado a usuarios actualizar a la versión actual 6.4.10.1. Para las versiones anteriores de 6.1, 6.2 y 6.3, las medidas de seguridad correspondientes también están disponibles por medio de un plugin. No son conocidas medidas de mitigación para este problema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-10 CVE Reserved
- 2022-04-20 CVE Published
- 2023-11-11 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Shopware Search vendor "Shopware" | Shopware Search vendor "Shopware" for product "Shopware" | < 6.4.10.1 Search vendor "Shopware" for product "Shopware" and version " < 6.4.10.1" | - |
Affected
| ||||||