PT-2020-6328 · Adobe · Magento
Published
2020-04-28
·
Updated
2024-03-06
·
CVE-2020-9591
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Magento versions 2.3.4 and earlier
Magento versions 2.2.11 and earlier
Magento version 1.14.4.4 and earlier
Magento version 1.9.4.4 and earlier
Description
The issue is related to insufficient access control, which could allow a remote attacker to gain unauthorized access to the admin panel. Successful exploitation of this defense-in-depth security mitigation could lead to unauthorized access.
Recommendations
For Magento versions 2.3.4 and earlier, update to a version later than 2.3.4 to resolve the issue.
For Magento versions 2.2.11 and earlier, update to a version later than 2.2.11 to resolve the issue.
For Magento version 1.14.4.4 and earlier, update to a version later than 1.14.4.4 to resolve the issue.
For Magento version 1.9.4.4 and earlier, update to a version later than 1.9.4.4 to resolve the issue.
Fix
Improper Access Control
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Magento