CVE-2019-8118
published 2019-11-05CVE-2019-8118: Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for…
PriorityP423medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.73%
49.6th percentile
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe_systems_incorporated | magento_2 | — | — |
| magento | community-edition | >= 2.1.0 < 2.1.19 | 2.1.19 |
| magento | community-edition | >= 2.2.0 < 2.2.10 | 2.2.10 |
| magento | community-edition | >= 2.3.0 < 2.3.3 | 2.3.3 |
| magento | magento | — | — |
| magento | magento | >= 2.1.0 < 2.1.19 | 2.1.19 |
| magento | magento | >= 2.2.0 < 2.2.10 | 2.2.10 |
| magento | magento | >= 2.3.0 < 2.3.2 | 2.3.2 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Magento 2 Community Edition Weak Cryptography
osv·2022-05-24
CVE-2019-8118 [MEDIUM] Magento 2 Community Edition Weak Cryptography
Magento 2 Community Edition Weak Cryptography
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
GHSA
Magento 2 Community Edition Weak Cryptography
ghsa·2022-05-24
CVE-2019-8118 [MEDIUM] CWE-312 Magento 2 Community Edition Weak Cryptography
Magento 2 Community Edition Weak Cryptography
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
bugzilla·2020-02-21·CVSS 5.9
CVE-2019-15613 [MEDIUM] CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs fixed in nextcloud 15, 16 and 17
Several CVEs fixed in nextcloud 15, 16 and 17.
https://nextcloud.com/security/advisory/?id=NC-SA-2020-001
https://nextcloud.com/security/advisory/?id=NC-SA-2020-002
https://nextcloud.com/security/advisory/?id=NC-SA-2020-005
https://nextcloud.com/security/advisory/?id=NC-SA-2020-006
https://nextcloud.com/security/advisory/?id=NC-SA-2020-007
https://nextcloud.com/security/advisory/?id=NC-SA-2020-012
https://nextcloud.com/security/advisory/?id=NC-SA-2019-016
https://nextcloud.com/security/advisory/?id=NC-SA-2019-015
https://nextcloud.com/security/advisory/?id=NC
Bugzilla
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
bugzilla·2020-02-21·CVSS 5.9
CVE-2019-15612 [MEDIUM] CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs fixed in nextcloud 15, 16 and 17 [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level
2019-11-05
Published