CVE Vulnerabilities

CVE-2019-8123

Published: Nov 05, 2019 | Modified: Aug 24, 2020
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.

Affected Software

Name Vendor Start Version End Version
Magento Magento * 1.9.3.4 (excluding)
Magento Magento * 1.14.4.3 (excluding)
Magento Magento 2.2.0 (including) 2.2.10 (excluding)
Magento Magento 2.3.0 (including) 2.3.2 (including)

References