admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-244xx/CVE-2020-24400.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

151 lines
4.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-24400",
"sourceIdentifier": "psirt@adobe.com",
"published": "2020-11-09T01:15:12.257",
"lastModified": "2020-11-12T17:56:45.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database."
},
{
"lang": "es",
"value": "Magento versiones 2.4.0 y 2.3.5 (y anteriores) est\u00e1n afectadas por una vulnerabilidad de inyecci\u00f3n SQL que podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n confidencial. Esta vulnerabilidad podr\u00eda ser explotada por un usuario autenticado con permisos en la p\u00e1gina del listado de productos para leer datos de la base de datos"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*",
"versionEndExcluding": "2.3.5",
"matchCriteriaId": "E0A4B080-331A-45E2-85A7-ED717F6EAA53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionEndExcluding": "2.3.5",
"matchCriteriaId": "64E6568D-2E8F-4E7F-9DEE-96B64D8AF769"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.3.5:-:*:*:commerce:*:*:*",
"matchCriteriaId": "5C6FC988-E98F-45F1-9FED-426BD70B9EED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.3.5:-:*:*:open_source:*:*:*",
"matchCriteriaId": "8FA0AF98-C822-4419-B4ED-E74AB5A740D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.0:*:*:*:commerce:*:*:*",
"matchCriteriaId": "8B564171-2253-412F-B936-8FEA1074BBBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:2.4.0:*:*:*:open_source:*:*:*",
"matchCriteriaId": "446F9B89-3455-46F4-A7B0-CCA7857E0FC4"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb20-59.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink