Description

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

Remediation

References

CVE-2019-8118

Related Vulnerabilities

WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)

WordPress Plugin Post Grid PHP Object Injection (2.0.11)

MySQL CVE-2019-3003 Vulnerability (CVE-2019-3003)

Grafana Signature Verification Vulnerability (CVE-2020-27846)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Multiple Vulnerabilities (4.3.1)

Severity

Medium

Classification

CVE-2019-8118 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities