← volver
CVE-2020-15151

Observable Timing Discrepancy in OpenMage LTS

CVSS 8 HIGHEPSS 0.9%CWE-203
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Productos afectados
OpenMage · magento-lts

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347ahttps://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6https://helpx.adobe.com/security/products/magento/apsb20-47.html