Description

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

Remediation

References

CVE-2019-7854

Related Vulnerabilities

WordPress Plugin VideoWhisper Video Presentation Multiple Cross-Site Scripting Vulnerabilities (3.25)

GlassFish Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5266)

WordPress 4.6 Multiple Vulnerabilities (4.6)

WordPress 5.2.x PHP Object Injection (5.2 - 5.2.10)

Jboss EAP Improper Input Validation Vulnerability (CVE-2010-3862)

Severity

High

Classification

CVE-2019-7854 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities