Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the /bin directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.
{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:smartstore:smartstore:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:smartstore:smartstore:4.0.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.0"
},
{
"introduced": "4.0.1"
},
{
"last_affected": "4.0.1"
}
]
}