Description

A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

Remediation

References

CVE-2019-7858

Related Vulnerabilities

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.21)

WordPress Plugin WooCommerce Checkout Manager Multiple Unspecified Vulnerabilities (3.6.9)

Oracle Database Server CVE-2012-0520 Vulnerability (CVE-2012-0520)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.26)

WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)

Severity

High

Classification

CVE-2019-7858 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities