Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Remediation
References