CVE-2020-15151
published 2020-08-20

Priority: P3 35 high
CVSS 3.1: 8, vector AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.93% (56.2th percentile)

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| magento | magento | <= 2.3.5 | |
| openmage | magento-lts | < 19.4.6 | "19.4.6" |
| openmage | magento-lts | | |
| openmage | magento-lts | >= 0 < 19.4.6 | 19.4.6 |
| openmage | magento-lts | >= 20.0.0 < 20.0.2 | 20.0.2 |
| openmage | openmage_long_term_support | < 19.4.6 | 19.4.6 |
| openmage | openmage_long_term_support | >= 20.0.0 < 20.0.2 | 20.0.2 |

CVSS provenance

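| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 8.0 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:N |
| ghsa | | 4.2 | MEDIUM | |
| osv | | 4.2 | MEDIUM | |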