Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-5393-j7pp-tqa2
Vulnerability ID VCID-5393-j7pp-tqa2
Aliases CVE-2021-37707
GHSA-9f8f-574q-8jmf
Summary Improper Input Validation Shopware is an open source eCommerce platform. contain a vulnerability that allows manipulation of product reviews via API. contains a patch.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
System Score Found at
epss 0.00215 https://api.first.org/data/v1/epss?cve=CVE-2021-37707
cvssv3.1 6.5 https://github.com/shopware/platform
generic_textual MODERATE https://github.com/shopware/platform
cvssv3.1 6.5 https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be
generic_textual MODERATE https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be
cvssv3.1 6.5 https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf
generic_textual MODERATE https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37707
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-37707
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-37707
https://github.com/shopware/platform
https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be
https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf
CVE-2021-37707 https://nvd.nist.gov/vuln/detail/CVE-2021-37707
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/shopware/platform
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/shopware/platform/commit/912b96de3b839c6c5525c98cbb58f537c2d838be
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/shopware/platform/security/advisories/GHSA-9f8f-574q-8jmf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-37707
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.44007
EPSS Score 0.00215
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:55:29.355355+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/shopware/core/CVE-2021-37707.yml 38.6.0