| |
Vulnerability CVE-2019-7855
Published: 2019-08-02 Modified: 2019-08-03
| Description: |
A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. |
Type:
CWE-310 (Cryptographic Issues)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
