{"api_version":"1","generated_at":"2026-04-24T08:32:39+00:00","cve":"CVE-2021-36030","urls":{"html":"https://cve.report/CVE-2021-36030","api":"https://cve.report/api/cve/CVE-2021-36030.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-36030","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-36030"},"summary":{"title":"CVE-2021-36030","description":"Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.","state":"PUBLIC","assigner":"psirt@adobe.com","published_at":"2021-09-01 15:15:00","updated_at":"2021-09-08 21:21:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","name":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","refsource":"MISC","tags":[],"title":"Adobe Security Bulletin","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-36030","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36030","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"36030","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"adobe_commerce","cpe6":"2.4.2","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"36030","vulnerable":"1","versionEndIncluding":"2.3.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"adobe_commerce","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"36030","vulnerable":"1","versionEndIncluding":"2.4.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"adobe_commerce","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"36030","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"magento_open_source","cpe6":"2.4.2","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"36030","vulnerable":"1","versionEndIncluding":"2.3.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"magento_open_source","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"36030","vulnerable":"1","versionEndIncluding":"2.4.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"magento_open_source","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-36030","qid":"730180","title":"Magento Multiple Security Vulnerabilities (APSB21-64)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@adobe.com","DATE_PUBLIC":"2021-08-10T23:00:00.000Z","ID":"CVE-2021-36030","STATE":"PUBLIC","TITLE":"Magento Commerce Improper Input Validation During Checkout Process Could Lead To Privilege Escalation"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Magento Commerce","version":{"version_data":[{"version_affected":"<=","version_value":"2.4.2"},{"version_affected":"<=","version_value":"2.4.2-p1"},{"version_affected":"<=","version_value":"2.3.7"},{"version_affected":"<=","version_value":"None"}]}}]},"vendor_name":"Adobe"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items."}]},"impact":{"cvss":{"attackComplexity":"Low","attackVector":"Network","availabilityImpact":"None","baseScore":7.5,"baseSeverity":"High","confidentialityImpact":"None","integrityImpact":"High","privilegesRequired":"None","scope":"Unchanged","userInteraction":"None","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Input Validation (CWE-20)"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","name":"https://helpx.adobe.com/security/products/magento/apsb21-64.html"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-09-01 15:15:00","lastModifiedDate":"2021-09-08 21:21:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndIncluding":"2.3.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndIncluding":"2.3.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:adobe_commerce:2.4.2:p1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndIncluding":"2.4.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:magento_open_source:2.4.2:p1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndIncluding":"2.4.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"36030","Ordinal":"211540","Title":"CVE-2021-36030","CVE":"CVE-2021-36030","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"36030","Ordinal":"1","NoteData":"Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated attacker can leverage this vulnerability to alter the price of items.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"36030","Ordinal":"2","NoteData":"2021-09-01","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"36030","Ordinal":"3","NoteData":"2021-09-01","Type":"Other","Title":"Modified"}]}}}