CVE-2019-7855
Severity Score
5.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
Un fallo criptográfico en Magento versiones 2.1 anteriores a 2.1.18, Magento versiones 2.2 anteriores a 2.2.9, Magento versiones 2.3 anteriores a 2.3.2, podría ser abusado por un usuario no autenticado para detectar un invariante utilizado en la generación de tarjetas de regalo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-02-12 CVE Reserved
- 2019-08-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23 | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Magento Search vendor "Magento" | Magento Search vendor "Magento" for product "Magento" | >= 2.1.0 < 2.1.18 Search vendor "Magento" for product "Magento" and version " >= 2.1.0 < 2.1.18" | open_source |
Affected
| ||||||
| Magento Search vendor "Magento" | Magento Search vendor "Magento" for product "Magento" | >= 2.2.0 < 2.2.9 Search vendor "Magento" for product "Magento" and version " >= 2.2.0 < 2.2.9" | open_source |
Affected
| ||||||
| Magento Search vendor "Magento" | Magento Search vendor "Magento" for product "Magento" | >= 2.3.0 < 2.3.2 Search vendor "Magento" for product "Magento" and version " >= 2.3.0 < 2.3.2" | open_source |
Affected
| ||||||