Vulnerabilities > Magento

DATE CVE VULNERABILITY TITLE RISK
2020-06-26 CVE-2020-9588 Information Exposure Through Discrepancy vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability.
network
low complexity
magento CWE-203
6.5
2020-06-26 CVE-2020-9587 Incorrect Authorization vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability.
network
low complexity
magento CWE-863
5.0
2020-06-26 CVE-2020-9585 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability.
network
low complexity
magento
7.5
2020-06-26 CVE-2020-9584 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability.
network
magento CWE-79
3.5
2020-06-26 CVE-2020-9583 OS Command Injection vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability.
network
low complexity
magento CWE-78
7.5
2020-06-26 CVE-2020-9582 OS Command Injection vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability.
network
low complexity
magento CWE-78
7.5
2020-06-26 CVE-2020-9581 Cross-site Scripting vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability.
network
magento CWE-79
4.3
2020-06-26 CVE-2020-9580 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
7.5
2020-06-26 CVE-2020-9579 Unspecified vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability.
network
low complexity
magento
7.5
2020-06-26 CVE-2020-9578 OS Command Injection vulnerability in Magento
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability.
network
low complexity
magento CWE-78
7.5