CVE-2021-39864

CVE Database · CVE-2021-39864

CVE-2021-39864

· MEDIUMModified

CVSS v3.1

6.5

EPSS

1.57%

Published

Oct 15, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) and 2.3.7p1 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to the admin console is not required for successful exploitation.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-352

Affected Products (12)

adobe · commercevulnerable

adobe · magento_open_sourcevulnerable

References (2)

https://helpx.adobe.com/security/products/magento/apsb21-86.html

Release NotesVendor Advisory

https://helpx.adobe.com/security/products/magento/apsb21-86.html

Release NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs