Unauthorized Disclosure of Company Credit History Details in Magento 2.x

Unauthorized Disclosure of Company Credit History Details in Magento 2.x

CVE-2019-7854 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.

Learn more about our Web Application Penetration Testing UK.