Description
A cryptographic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. A weak cryptographic mechanism is used to generate the initialization vector in multiple security-relevant contexts.
Remediation
References