CVE-2019-7899

{"id": "CVE-2019-7899", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-08-02T22:15:17.393", "references": [{"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."}, {"lang": "es", "value": "Los nombres de productos descargables inhabilitados podr\u00edan ser divulgados debido a una comprobaci\u00f3n inadecuada de la entrada de usuario en Magento Open Source anterior a versi\u00f3n 1.9.4.2, y Magento Commerce anterior a versi\u00f3n 1.14.4.2, Magento versiones 2.1 anteriores a 2.1.18, Magento versiones 2.2 anteriores a 2.2.9, Magento versiones 2.3 anteriores a 2.3.2."}], "lastModified": "2024-11-21T04:48:56.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "175A1F6D-A026-4D73-BAA3-F02997413264", "versionEndExcluding": "1.9.4.2"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "E41B3DA4-247E-41F6-89F0-1527036DA3CC", "versionEndExcluding": "1.14.4.2"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "DE066118-96FB-423F-B962-F904ACD6340C", "versionEndExcluding": "2.1.18", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "C7822059-9FC0-45E5-826B-4DF2AB07F2BD", "versionEndExcluding": "2.2.9", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "6B8C5A27-2957-4373-B0FE-8C7585B4B04E", "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}