Description

An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.

Remediation

References

CVE-2019-8124

Related Vulnerabilities

WordPress Plugin DSGVO All in one for WP Cross-Site Scripting (4.1)

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)

WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability (0.6.2 - 2.8.3)

WordPress 5.1.x PHP Object Injection (5.1 - 5.1.9)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17301)

Severity

High

Classification

CVE-2019-8124 CWE-345 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities