CVE-2021-21026: Magento improper authorization vulnerability in the integrations module

CVSS Score: 5.3 (CVSS version 3.1)

Basic Information

EPSS Score: 0.71727%
Published: 5/24/2022
Updated: 2/10/2025
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name                        Ecosystem   Vulnerable Versions    First Patched Version
magento/community-edition           composer    < 2.3.6-p1             2.3.6-p1
magento/community-edition           composer    >= 2.4.0, < 2.4.2      2.4.2
magento/project-community-edition   composer    <= 2.0.2               (none listed)

Vulnerability Intelligence
Root Cause Analysis

The patches provided update various Magento modules, including the Integration module. The vulnerability is related to improper authorization in the integrations module, suggesting that the Integration module is likely involved. However, without direct evidence of the vulnerable function, we can only infer based on the module affected.

WAF Protection Rules

WAF Rule

Magento versions *.*.* (and earlier), *.*.*-p* (and earlier) and *.*.* (and earlier) are affected by an improper authorization vulnerability in the integrations module. Successful exploitation could lead to unauthorized access to restricted resources.
