QwikSec

Security Database

CVE

CWE

Training

CVE-2022-36101

Published: Sep 12, 2022

Modified: Apr 23, 2025

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue.

Vendor	Product	Versions
shopware	shopware	affected `< 5.7.15`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://packagist.org/packages/shopware/shopware

x_refsource_MISC

https://github.com/shopware/shopware/security/advisories/GHSA-6vfq-jmxg-g58r

x_refsource_CONFIRM

https://github.com/shopware/shopware/commit/af5cdbc81d60f21b728e1433aeb8837f25938d2a

x_refsource_MISC

https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-09-2022

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.