CVE-2020-9632

4 documents4 sources
Severity
9.8CRITICAL
EPSS
8.0%
top 7.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Magento Community-editionMagento CoreMagento Magento+2 more
Timeline
PublishedJun 26
Latest updateMay 24

Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

Packagistmagento/core< 1.9.4.5
Packagistmagento/community-edition2.3.02.3.4-p2+1
NVDmagento/magento2.2.02.2.11+3
CVEListV5adobe/magento2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

🔴Vulnerability Details

3
GHSA
Magento security mitigation bypass vulnerability2022-05-24
OSV
Magento security mitigation bypass vulnerability2022-05-24
CVEList
CVE-2020-9632: Magento versions 22020-06-26
CVE-2020-9632 (CRITICAL CVSS 9.8) | Magento versions 2.3.4 and earlier | cvebase.io