Description

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.

Remediation

References

CVE-2019-7855

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38265)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.3)

Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4906)

MySQL CVE-2015-0503 Vulnerability (CVE-2015-0503)

WordPress Plugin Calculated Fields Form Cross-Site Scripting (1.0.353)

Severity

Medium

Classification

CVE-2019-7855 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities