What is CVE-2022-24871?

CVE-2022-24871 is a high-severity vulnerability in Shopware Platform, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.2/10. Published 2022-04-20.

How severe is CVE-2022-24871?

High severity. CVSS v3 base score is 7.2 out of 10.

SSRF in Shopware Platform

CVE-2022-24871

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Users are advised to update to the current…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.003 (57.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Shopware Platform — versions < 6.4.10.1

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

github.com/shopware/platform/security/advisories/GHSA-7gm7-8q8v-9gf2 (x_refsource_CONFIRM)
github.com/shopware/platform/commit/083765e2d64a00315050c4891800c9e98ba0c77c (x_refsource_MISC)
docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2022 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-24871?: CVE-2022-24871 is a high-severity vulnerability in Shopware Platform, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.2/10. Published 2022-04-20.
How severe is CVE-2022-24871?: High severity. CVSS v3 base score is 7.2 out of 10.