Vulnerabilities > CVE-2020-9690 - Information Exposure Through Discrepancy vulnerability in Magento

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
magento
CWE-203
NVD
Published: 2020-07-29
Updated: 2020-07-30

Summary

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

Vulnerable Configurations

Part Description Count
Application
Magento
187

Common Weakness Enumeration (CWE)

References