Vulnerabilities > Magento > Magento > 2.1.2

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2019-8124 Insufficient Verification of Data Authenticity vulnerability in Magento
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento CWE-345
4.0
4.0
2019-11-05 CVE-2019-8122 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
6.5
6.5
2019-11-05 CVE-2019-8121 Unspecified vulnerability in Magento
An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
7.5
7.5
2019-11-05 CVE-2019-8120 Cross-site Scripting vulnerability in Magento
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
magento CWE-79
3.5
3.5
2019-11-05 CVE-2019-8119 Unspecified vulnerability in Magento
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
6.5
6.5
2019-11-05 CVE-2019-8118 Cleartext Storage of Sensitive Information vulnerability in Magento
Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.
network
low complexity
magento CWE-312
5.0
5.0
2019-11-05 CVE-2019-8090 Unspecified vulnerability in Magento
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3.
network
low complexity
magento
5.5
5.5
2019-10-30 CVE-2019-8235 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions.
network
low complexity
magento CWE-639
4.0
4.0
2019-08-02 CVE-2019-7951 Information Exposure vulnerability in Magento
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-200
5.0
5.0
2019-08-02 CVE-2019-7950 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-639
5.0
5.0