Description

A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7860

Related Vulnerabilities

WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.0.2)

Sqlite Improper Input Validation Vulnerability (CVE-2016-6153)

WordPress Plugin Product Addons & Fields for WooCommerce Unspecified Vulnerability (13.7)

WordPress Plugin Custom CSS Pro Cross-Site Request Forgery (1.0.3)

Magento Insufficient Session Expiration Vulnerability (CVE-2021-21031)

Severity

High

Classification

CVE-2019-7860 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities