Information disclosure in Shopware - CVE-2022-36101

 

Information disclosure in Shopware - CVE-2022-36101

Published: September 12, 2022 / Updated: May 19, 2026


Vulnerability identifier: #VU131874
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-36101
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Shopware
Affected software:
Shopware

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper exposure of sensitive information in the customer detail view in the backend administration when handling requests for customer details. A remote user can request the customer detail view to disclose sensitive information.

The exposed data includes hashed passwords and session IDs.


How to mitigate CVE-2022-36101

Install security update from vendor's website.

Sources