7.2

CVE-2019-8119

EPSS 1.81%
Veröffentlicht 05.11.2019 23:15:12
Zuletzt bearbeitet 21.11.2024 04:49:19
Quelle psirt@adobe.com
Teams Watchlist Login
Unerledigt Login

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Magento ≫ Magento SwEditioncommerce Version >= 2.1.0 < 2.1.19

Magento ≫ Magento SwEditionopen_source Version >= 2.1.0 < 2.1.19

Magento ≫ Magento SwEditioncommerce Version >= 2.2.0 < 2.2.10

Magento ≫ Magento SwEditionopen_source Version >= 2.2.0 < 2.2.10

Magento ≫ Magento SwEditioncommerce Version >= 2.3.0 <= 2.3.2

Magento ≫ Magento SwEditionopen_source Version >= 2.3.0 <= 2.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.81%	0.812

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-8119

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-8119

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-8119

EUVD