Description

A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

Remediation

References

CVE-2019-7858

Related Vulnerabilities

Oracle Database Server CVE-2018-2680 Vulnerability (CVE-2018-2680)

Jetty Integer Overflow or Wraparound Vulnerability (CVE-2023-36478)

PHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10547)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.1)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Request Forgery (1.22.24)

Severity

High

Classification

CVE-2019-7858 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities