PT-2019-18889 · Adobe · Magento
Publicado
2019-11-05
·
Atualizado
2022-05-24
·
CVE-2019-8113
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Magento versions 2.2 prior to 2.2.10
Magento versions 2.3 prior to 2.3.3
Magento version 2.3.2-p1
Description
The issue concerns the use of a cryptographically weak random number generator. This weakness can be exploited to brute-force the confirmation code for customer registration.
Recommendations
For Magento version 2.2, update to version 2.2.10 or later.
For Magento version 2.3, update to version 2.3.3 or later.
For Magento version 2.3.2-p1, update to a version that addresses this issue, such as 2.3.3 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Magento