Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

Remediation

References

CVE-2020-9587

Related Vulnerabilities

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0929)

WordPress Plugin Dean's Permalinks Migration Cross-Site Request Forgery (1.0)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-5611)

WordPress Plugin YITH WooCommerce Multi-step Checkout Security Bypass (1.7.4)

phpMyAdmin Cryptographic Issues Vulnerability (CVE-2016-9847)

Severity

High

Classification

CVE-2020-9587 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities