Improper Access Control in EC-CUBE 2 Series Affects System Settings
CVE-2021-20841

6.5MEDIUM

Key Information:

Vendor: Ec-cube Co.,ltd.
Status: Ec-cube 2 Series
Vendor: CVE Published:; 24 November 2021

🔔 Create Ec-cube Co.,ltd. Vulnerability Alert

What is CVE-2021-20841?

An improper access control vulnerability in the Management screen of the EC-CUBE 2 series, specifically versions 2.11.2 through 2.17.1, enables a remote authenticated attacker to bypass established access restrictions. This allows unauthorized alteration of critical system settings through unclear mechanisms, posing a significant risk to the integrity of the system. The presence of this vulnerability necessitates immediate attention to safeguard against potential exploits.

Affected Version(s)

EC-CUBE 2 series 2.11.2 to 2.17.1

References

https://www.ec-cube.net/info/weakness/20211111/

x_refsource_MISC

https://jvn.jp/en/jp/JVN75444925/index.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 24, 2021
Vulnerability Reserved
Dec 17, 2020