Vulnerabilities > Magento > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7859 Path Traversal vulnerability in Magento
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.
network
low complexity
magento CWE-22
7.5
2019-08-02 CVE-2019-7858 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Magento
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
network
low complexity
magento CWE-327
7.5
2019-08-02 CVE-2019-7854 Authorization Bypass Through User-Controlled Key vulnerability in Magento
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.
network
low complexity
magento CWE-639
7.5
2019-08-02 CVE-2019-7849 Session Fixation vulnerability in Magento
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules.
network
low complexity
magento CWE-384
7.5
2017-03-01 CVE-2016-6485 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Magento Magento2
The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value.
network
low complexity
magento CWE-327
7.5