Description

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

Remediation

References

CVE-2019-7854

Related Vulnerabilities

WordPress Plugin WordPress Content Slide Multiple Vulnerabilities (1.4.2)

WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-23457)

MySQL CVE-2013-3809 Vulnerability (CVE-2013-3809)

Oracle HTTP Server Improper Certificate Validation Vulnerability (CVE-2020-26184)

PHP NULL Pointer Dereference Vulnerability (CVE-2018-10548)

Severity

High

Classification

CVE-2019-7854 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities