Description

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

Remediation

References

CVE-2019-8118

Related Vulnerabilities

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-18650)

Oracle JRE CVE-2023-22044 Vulnerability (CVE-2023-22044)

e107 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-2099)

XWiki Missing Authorization Vulnerability (CVE-2022-31167)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1117)

Severity

Medium

Classification

CVE-2019-8118 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities