CVE-2019-7849

Name of the Vulnerable Software and Affected Versions Magento 1.x versions prior to 1.9.4.2 Magento Commerce versions prior to 1.14.4.2 Magento 2.1 versions prior to 2.1.18 Magento 2.2 versions prior to 2.2.9 Magento 2.3 versions prior to 2.3.2 Adobe Campaign Classic (affected versions not specified)

Description The issue is related to inadequate session validation handling, which can be exploited by a remote attacker to impact data integrity. A defense-in-depth check was added to mitigate this issue in certain versions of Magento.

Recommendations For Magento 1.x versions prior to 1.9.4.2, update to version 1.9.4.2 or later. For Magento Commerce versions prior to 1.14.4.2, update to version 1.14.4.2 or later. For Magento 2.1 versions prior to 2.1.18, update to version 2.1.18 or later. For Magento 2.2 versions prior to 2.2.9, update to version 2.2.9 or later. For Magento 2.3 versions prior to 2.3.2, update to version 2.3.2 or later. At the moment, there is no information about a newer version that contains a fix for Adobe Campaign Classic.