admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-78xx/CVE-2019-7890.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

120 lines
3.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-7890",
"sourceIdentifier": "psirt@adobe.com",
"published": "2019-08-02T22:15:16.957",
"lastModified": "2020-08-24T17:37:01.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Referencia Directa a Objetos No Segura (IDOR) en el flujo de trabajo de procesamiento de pedidos de Magento versiones 2.1 anteriores a 2.1.18, Magento versiones 2.2 anteriores a 2.2.9, Magento versiones 2.3 anterior a 2.3.2. Esto puede conllevar a un acceso no autorizado a los detalles del pedido."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.18",
"matchCriteriaId": "DE066118-96FB-423F-B962-F904ACD6340C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.9",
"matchCriteriaId": "C7822059-9FC0-45E5-826B-4DF2AB07F2BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndExcluding": "2.3.2",
"matchCriteriaId": "6B8C5A27-2957-4373-B0FE-8C7585B4B04E"
}
]
}
]
}
],
"references": [
{
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink