{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-05T01:48:27.484","vulnerabilities":[{"cve":{"id":"CVE-2021-36028","sourceIdentifier":"psirt@adobe.com","published":"2021-09-01T15:15:09.453","lastModified":"2024-11-21T06:12:58.987","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution."},{"lang":"es","value":"Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vulnerabilidad de inyección XML cuando se guarda un producto configurable. Un atacante con privilegios de administrador puede desencadenar un script especialmente diseñado para lograr una ejecución de código remota"}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-91"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndIncluding":"2.3.7","matchCriteriaId":"72F005E6-8523-49FF-91F7-644BC737DDEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndIncluding":"2.4.2","matchCriteriaId":"260156B9-9CEF-4732-AD94-7D3CCD784F1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:adobe_commerce:2.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"C711D725-10E3-4A9C-AAD8-9B1766CB42F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndIncluding":"2.3.7","matchCriteriaId":"052A5E47-66AF-4F60-8949-E2B6CE98AEE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndIncluding":"2.4.2","matchCriteriaId":"ADE9F2A6-575A-48DA-ACE4-B22ABB275B6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento_open_source:2.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"8F768F94-34F1-4FB8-8D96-3BBC9D6B8C89"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}