CVE-2019-7890

State: PUBLISHED · Published: 2019-08-02 · Updated: 2024-08-04 · Assigner: adobe

Description

An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.

CWE

(none)

Affected

n/a / Magento 2 — v=Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 [affected]

CVSS

(none)

References

https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2019/7xxx/CVE-2019-7890.json