Description
Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.
Remediation
References
Related Vulnerabilities
PHP Numeric Errors Vulnerability (CVE-2006-4486)
JBoss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2011-2487)
Oracle JRE CVE-2024-21144 Vulnerability (CVE-2024-21144)
WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.6)
Django Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-19844)