Description
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.
Remediation
References
Related Vulnerabilities
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)
WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0)
Sqlite Improper Handling of Exceptional Conditions Vulnerability (CVE-2019-19924)
WordPress Plugin Terillion Reviews Profile Id Cross-Site Scripting (1.1)