Description

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

Remediation

References

CVE-2019-7854

Related Vulnerabilities

Java Denial of Service (DoS) Vulnerability (CVE-2018-3180)

PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10211)

Oracle Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2004-1364)

WordPress Plugin WordPress Comment Rating Cross-Site Scripting (1.5.3)

WordPress Plugin Social Slider 'rA[]' Parameter SQL Injection (5.6.5)

Severity

High

Classification

CVE-2019-7854 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities