Description

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

Remediation

References

CVE-2019-7854

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-5688)

Zope Web Application Server Other Vulnerability (CVE-2000-1212)

WordPress Plugin Velvet Blues Update URLs Unspecified Vulnerability (2.1)

WordPress Plugin WP-RecentComments 'page' Parameter Cross-Site Scripting (2.0.6)

Drupal Session Fixation Vulnerability (CVE-2008-3222)

Severity

High

Classification

CVE-2019-7854 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities