Description

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.

Remediation

References

CVE-2019-7855

Related Vulnerabilities

WordPress Plugin External Links-nofollow, noopener & new window Multiple Cross-Site Scripting Vulnerabilities (1.80)

LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3752)

Apache Traffic Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2018-8040)

OpenSSL Improper Input Validation Vulnerability (CVE-2015-1787)

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.8)

Severity

Medium

Classification

CVE-2019-7855 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities