Denial-of-Service (DoS) Vulnerability in Magento's PayPal Integration

Denial-of-Service (DoS) Vulnerability in Magento's PayPal Integration

CVE-2019-7928 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.

Learn more about our Cis Benchmark Audit For Microsoft Exchange Server.