Adobe Magento Commerce up to 2.3.7/2.4.2/2.4.2-p1 GraphQL denial of service

Summaryinfo

A vulnerability categorized as problematic has been discovered in Adobe Magento Commerce up to 2.3.7/2.4.2/2.4.2-p1. This affects an unknown function of the component GraphQL. Executing a manipulation can lead to denial of service. This vulnerability is tracked as CVE-2021-36044. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic was found in Adobe Magento Commerce up to 2.3.7/2.4.2/2.4.2-p1. This vulnerability affects an unknown functionality of the component GraphQL. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.

The weakness was disclosed 09/02/2021 as apsb21-64. The advisory is available at helpx.adobe.com. This vulnerability was named CVE-2021-36044. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1499 by the MITRE ATT&CK project.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2021-22677). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• E-Commerce Management Software

Vendor

• Adobe

Name

• Magento Commerce

Version

• 2.3.0
• 2.3.1
• 2.3.2
• 2.3.3
• 2.3.4
• 2.3.5
• 2.3.6
• 2.3.7
• 2.4.0
• 2.4.1
• 2.4.2
• 2.4.2-p1

License

• commercial

Website

• Vendor: https://www.adobe.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion