CVE-2019-7860
Published 2019-08-02
CVE-2019-7860: A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to…
Priority P338 | high | 7.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS
1.19%
64.0th percentile
A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| magento | community-edition | >= 2.1.0 < 2.1.18 | 2.1.18 |
| magento | community-edition | >= 2.2.0 < 2.2.9 | 2.2.9 |
| magento | community-edition | >= 2.3.0 < 2.3.2 | 2.3.2 |
| magento | magento | >= 2.1.0 < 2.1.18 | 2.1.18 |
| magento | magento | >= 2.2.0 < 2.2.9 | 2.2.9 |
| magento | magento | >= 2.3.0 < 2.3.2 | 2.3.2 |
CVSS provenance
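| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |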
OSV
Magento 2 Community Edition Weak PRNG
osv·2022-05-24
CVE-2019-7860 [HIGH] Magento 2 Community Edition Weak PRNG
A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
GHSA
Magento 2 Community Edition Weak PRNG
ghsa·2022-05-24
CVE-2019-7860 [HIGH] CWE-338 Magento 2 Community Edition Weak PRNG
A cryptographically weak pseudo-random number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-08-02