Vulnerability CVE-2020-9690

Vulnerability CVE-2020-9690

Published: 2020-07-29

Description:

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

Type:

CWE-203

(Information Exposure Through Discrepancy)

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Magento -> Magento

References:

https://helpx.adobe.com/security/products/magento/apsb20-47.html

Copyright 2024, cxsecurity.com