Description

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

Remediation

References

CVE-2019-8118

Related Vulnerabilities

Sqlite Use After Free Vulnerability (CVE-2020-13630)

TYPO3 Improper Input Validation Vulnerability (CVE-2012-1608)

MySQL CVE-2022-21316 Vulnerability (CVE-2022-21316)

WordPress Plugin SEO Plugin LiveOptim Multiple Vulnerabilities (1.1.8-free)

WordPress Plugin MainWP Child Reports SQL Injection (2.0.7)

Severity

Medium

Classification

CVE-2019-8118 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities