Description

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7849

Related Vulnerabilities

Oracle Database Server CVE-2006-0260 Vulnerability (CVE-2006-0260)

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2023-28334)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-6637)

Django DEPRECATED: Code Vulnerability (CVE-2015-0222)

WordPress Plugin YITH Maintenance Mode Multiple Cross-Site Scripting Vulnerabilities (1.3.8)

Severity

High

Classification

CVE-2019-7849 CWE-384 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities