CVE-2020-9630
published 2020-06-26CVE-2020-9630: Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | magento | — | — |
| magento | community-edition | 0 – 2.2.11 | — |
| magento | community-edition | >= 2.3.0 < 2.3.4-p2 | 2.3.4-p2 |
| magento | core | >= 0 < 1.9.4.5 | 1.9.4.5 |
| magento | magento | <= 1.9.4.4 | — |
| magento | magento | <= 1.14.4.4 | — |
| magento | magento | 2.2.0 – 2.2.11 | — |
| magento | magento | 2.3.0 – 2.3.4 | — |
| magento | project-community-edition | 0 – 2.0.2 | — |