Description
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gravity Forms Unspecified Vulnerability (2.4.17)
Internet Information Services Other Vulnerability (CVE-2000-0246)
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)
Omeka Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5100)
Oracle Database Server CVE-2012-3146 Vulnerability (CVE-2012-3146)