Lucene search

[email protected]CVE-2020-15151

HistoryAug 20, 2020 - 1:17 a.m.

CVE-2020-15151

2020-08-2001:17:12

CWE-352

CWE-203

[email protected]

web.nvd.nist.gov

openmage

lts

cve-2020-15151

cross site request forgery

adobe

cve-2020-9690

nvd

security vulnerability

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.2%

JSON

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe’s CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.

Affected configurations

Vulners

NVD

Node

openmagemagentoRange<19.4.6

openmagemagentoRange20.0.0–20.0.2

VendorProductVersionCPE
openmagemagento*cpe:2.3:a:openmage:magento:*:*:*:*:*:*:*:*
openmagemagento*cpe:2.3:a:openmage:magento:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openmage	magento	*	cpe:2.3:a:openmage:magento::::::::
openmage	magento	*	cpe:2.3:a:openmage:magento::::::::

CNA Affected

[
  {
    "product": "magento-lts",
    "vendor": "OpenMage",
    "versions": [
      {
        "status": "affected",
        "version": "< 19.4.6\""
      },
      {
        "status": "affected",
        "version": ">= 20.0.0, < 20.0.2"
      }
    ]
  }
]