Description

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.

Remediation

References

CVE-2019-8123

Related Vulnerabilities

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3089)

Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-10889)

WordPress Plugin Front End Upload Arbitrary File Upload (0.5.4.4)

Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2024-23323)

WordPress Plugin Broken Link Checker Multiple Cross-Site Scripting Vulnerabilities (1.9.1)

Severity

Medium

Classification

CVE-2019-8123 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities