Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

Remediation

References

CVE-2020-9587

Related Vulnerabilities

Oracle Database Server CVE-2022-21393 Vulnerability (CVE-2022-21393)

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Open Redirect (4.0)

phpMyFAQ Permission Issues Vulnerability (CVE-2014-6047)

Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2020-27223)

Oracle HTTP Server Improper Restriction of XML External Entity Reference Vulnerability (CVE-2018-20843)

Severity

High

Classification

CVE-2020-9587 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities