12 matches found
EUVD-2020-0617
Malware in sbrugna...
CVE-2020-15151
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...
BIT-MAGENTO-2020-15151 Observable Timing Discrepancy in OpenMage LTS
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...
CVE-2020-15151
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...
Cross site request forgery (csrf)
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...
CVE-2020-15151
OpenMage LTS before 19.4.6 and 20.0.2 is affected by CVE-2020-15151, a timing-discrepancy/CSRF-related issue that lets attackers circumvent the fromkey protection in the Admin Interface, increasing CSRF surface. The underlying risk is an observable timing discrepancy that, if exploited, could byp...
GHSA-CRF2-XM6X-46P6 Observable Timing Discrepancy in OpenMage LTS
Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...
Observable Timing Discrepancy in OpenMage LTS
Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...
Critical Magento Flaws Allow Code Execution
Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by attackers like the Magecart cybergang – could enable arbitrary code execution on affected systems. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. Adobe on Tuesda...
CVE-2020-9690
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass...
CVE-2020-9690
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass...
CVE-2020-9690
The CVE-2020-9690 observable timing discrepancy affects Magento/OpenMage LTS: OpenMage LTS before 19.4.6 and 20.0.2 allows bypass of fromkey protection in Admin Interface, increasing CSRF risk; patched in 19.4.6 and 20.0.2. Details are tied to Adobe’s CVE-2020-9690; exploitation status is not pro...