CVE-2019-8124Insufficient Verification of Data Authenticity in Magento

CWE-345Insufficient Verification of Data Authenticity5 documents5 sources
Severity
4.9MEDIUMNVD
EPSS
0.2%
top 58.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MagentoMagento Community-editionAdobe Systems Incorporated Magento 2
Timeline
PublishedNov 5
Latest updateMay 24

Description

An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

NVDmagento/magento2.1.02.1.19+3
Packagistmagento/community-edition2.1.02.1.19+2
CVEListV5adobe_systems_incorporated/magento_2Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2

🔴Vulnerability Details

3
OSV
Magento 2 Community Edition Insufficient Logging2022-05-24
GHSA
Magento 2 Community Edition Insufficient Logging2022-05-24
CVEList
CVE-2019-8124: An insufficient logging and monitoring vulnerability exists in Magento 22019-11-05

💥Exploits & PoCs

1
Exploit-DB
iScripts ReserveLogic - SQL Injection2019-04-03
CVE-2019-8124 — Magento vulnerability | cvebase