Description

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

Remediation

References

CVE-2019-8118

Related Vulnerabilities

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)

WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-1397)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-1517)

WordPress Plugin ABASE Multiple Vulnerabilities (2.6)

Severity

Medium

Classification

CVE-2019-8118 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities