CVE-2014-9025

Name of the Vulnerable Software and Affected Versions Drupal Commerce module versions 7.x-1.x before 7.x-1.10

Description The issue in the commerce order module allows remote attackers to obtain sensitive information via unspecified vectors. This is due to the default checkout completion rule using the email address as the username for new accounts created at checkout.

Recommendations For versions prior to 7.x-1.10, update to version 7.x-1.10 or later to resolve the issue.