Description

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.

Remediation

References

CVE-2019-7855

Related Vulnerabilities

IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2023-38370)

WordPress Plugin MicroCopy SQL Injection (1.1.0)

WordPress Plugin Booking Calendar SQL Injection (6.2.2)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.13)

Oracle JRE CVE-2019-2945 Vulnerability (CVE-2019-2945)

Severity

Medium

Classification

CVE-2019-7855 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities