Description

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

Remediation

References

CVE-2019-7854

Related Vulnerabilities

WordPress Plugin Ecwid Ecommerce Shopping Cart PHP Object Injection (4.4.3)

Oracle JRE CVE-2013-1480 Vulnerability (CVE-2013-1480)

PostgreSQL Other Vulnerability (CVE-2002-1398)

WordPress Plugin Accept Stripe Donation-AidWP Cross-Site Request Forgery (3.1.5)

WordPress Plugin WordPress Poll Multiple SQL Injection Vulnerabilities (33.5)

Severity

High

Classification

CVE-2019-7854 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities