CVE-2019-7904Magento vulnerability

4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 82.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MagentoMagento Community-editionAdobe Systems Incorporated Magento 2
Timeline
PublishedAug 2
Latest updateMay 24

Description

Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDmagento/magento2.1.02.1.18+2
Packagistmagento/community-edition2.1.02.1.18+2
CVEListV5adobe_systems_incorporated/magento_2Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2

🔴Vulnerability Details

3
GHSA
Magento 2 Community Edition Insufficient Access Controls2022-05-24
OSV
Magento 2 Community Edition Insufficient Access Controls2022-05-24
CVEList
CVE-2019-7904: Insufficient enforcement of user access controls in Magento 22019-08-02
CVE-2019-7904 — Magento vulnerability | cvebase