CVE-2019-7849

2019-08-0221:10:02

adobe

www.cve.org

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.3%

JSON

A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2.

CNA Affected

[
  {
    "product": "Magento 1 Magento 2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
      }
    ]
  }
]