Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

Remediation

References

CVE-2020-9587

Related Vulnerabilities

Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2014-0224)

Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2017-7668)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-5594)

PHP Other Vulnerability (CVE-2015-4116)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33938)

Severity

High

Classification

CVE-2020-9587 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities