Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to unauthorized product discounts.
Remediation
References