Description

A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

Remediation

References

CVE-2019-7858

Related Vulnerabilities

Jboss EAP Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)

WordPress Plugin WPS Hide Login Cross-Site Request Forgery (1.0)

phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)

WordPress Plugin WordPress Filter Gallery Cross-Site Scripting (0.1.5)

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Security Bypass (2.6.4)

Severity

High

Classification

CVE-2019-7858 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities