Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-18527
HistoryMar 11, 2022 - 12:00 a.m.

Shopware Access Control Error Vulnerability

2022-03-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
17

0.001 Low

EPSS

Percentile

31.3%

JSON

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware is vulnerable to an access control error that stems from not properly setting sensitive HTTP headers to non-cacheable, which could be exploited by an attacker to enable HTTP caching and then have customer sessions shared between customers, resulting in an inconsistent experience for guest users.

CPENameOperatorVersion
Shopware Shopware <6.eq4.8.2

Related

prion 1
veracode 1
nvd 1
cve 1
cvelist 1
osv 2
github 1
prion
prion
Design/Logic Flaw
2022-03-09 23:15:00
veracode
veracode
Session Fixation
2022-03-10 07:34:33
nvd
nvd
CVE-2022-24745
2022-03-09 23:15:08
cve
cve
CVE-2022-24745
2022-03-09 23:15:08
cvelist
cvelist
CVE-2022-24745 Guest session is shared between customers in shopware
2022-03-09 22:25:28
osv
osv
Shopware guest session is shared between customers
2022-03-10 17:28:55
CVE-2022-24745
2022-03-09 23:15:08
github
github
Shopware guest session is shared between customers
2022-03-10 17:28:55

0.001 Low

EPSS

Percentile

31.3%

JSON
Related for CNVD-2022-18527
prion1veracode1nvd1cve1cvelist1osv2github1