Description

A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.

Remediation

References

CVE-2019-7928

Related Vulnerabilities

Sqlite Out-of-bounds Read Vulnerability (CVE-2017-10989)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5297)

WordPress Plugin ARForms:Wordpress Form Builder Arbitrary File Deletion (3.7.1)

Oracle Database Server CVE-2010-0901 Vulnerability (CVE-2010-0901)

WordPress Plugin Email Users Cross-Site Request Forgery (4.8.3)

Severity

High

Classification

CVE-2019-7928 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities