Magento

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-21	CVE-2020-15244	Deserialization of Untrusted Data vulnerability in Openmage Magento In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. network low complexity openmage CWE-502	7.2

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.