Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Remediation
References