Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.

Remediation

References

CVE-2020-9587

Related Vulnerabilities

Drupal Improper Input Validation Vulnerability (CVE-2012-5653)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1835)

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)

MySQL CVE-2012-0118 Vulnerability (CVE-2012-0118)

Phusion Passenger Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2018-12029)

Severity

High

Classification

CVE-2020-9587 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities