Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities found for Magento 1 by Adobe Systems Incorporated
CVE-2019-8231 (GCVE-0-2019-8231)
Vulnerability from nvd – Published: 2019-11-05 23:56 – Updated: 2024-08-04 21:10
VLAI?
Summary
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:56:33.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8231",
"datePublished": "2019-11-05T23:56:33.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8230 (GCVE-0-2019-8230)
Vulnerability from nvd – Published: 2019-11-05 23:57 – Updated: 2024-08-04 21:10
VLAI?
Summary
In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: and Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:57:36.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "and Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8230",
"datePublished": "2019-11-05T23:57:36.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8229 (GCVE-0-2019-8229)
Vulnerability from nvd – Published: 2019-11-05 23:58 – Updated: 2024-08-04 21:10
VLAI?
Summary
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: and Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:58:28.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "and Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8229",
"datePublished": "2019-11-05T23:58:28.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8228 (GCVE-0-2019-8228)
Vulnerability from nvd – Published: 2019-11-05 23:59 – Updated: 2024-08-04 21:10
VLAI?
Summary
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:59:27.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8228",
"datePublished": "2019-11-05T23:59:27.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8227 (GCVE-0-2019-8227)
Vulnerability from nvd – Published: 2019-11-06 00:00 – Updated: 2024-08-04 21:10
VLAI?
Summary
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: and Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:00:15.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "and Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8227",
"datePublished": "2019-11-06T00:00:16.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8155 (GCVE-0-2019-8155)
Vulnerability from nvd – Published: 2019-11-05 23:52 – Updated: 2024-08-04 21:10
VLAI?
Summary
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user\u0027s CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:52:16.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user\u0027s CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8155",
"datePublished": "2019-11-05T23:52:16.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8125 (GCVE-0-2019-8125)
Vulnerability from nvd – Published: 2019-11-05 22:51 – Updated: 2024-08-04 21:10
VLAI?
Summary
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:32.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T22:51:21.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3."
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8125",
"datePublished": "2019-11-05T22:51:21.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:32.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8091 (GCVE-0-2019-8091)
Vulnerability from nvd – Published: 2019-11-05 22:08 – Updated: 2024-08-04 21:10
VLAI?
Summary
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: and Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:32.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T22:08:55.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "and Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8091",
"datePublished": "2019-11-05T22:08:55.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:32.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8227 (GCVE-0-2019-8227)
Vulnerability from cvelistv5 – Published: 2019-11-06 00:00 – Updated: 2024-08-04 21:10
VLAI?
Summary
In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: and Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:00:15.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "and Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when creating profile action XML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8227",
"datePublished": "2019-11-06T00:00:16.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8228 (GCVE-0-2019-8228)
Vulnerability from cvelistv5 – Published: 2019-11-05 23:59 – Updated: 2024-08-04 21:10
VLAI?
Summary
in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:59:27.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creating a new email template or editing existing email template."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8228",
"datePublished": "2019-11-05T23:59:27.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8229 (GCVE-0-2019-8229)
Vulnerability from cvelistv5 – Published: 2019-11-05 23:58 – Updated: 2024-08-04 21:10
VLAI?
Summary
In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: and Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:58:28.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "and Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8229",
"datePublished": "2019-11-05T23:58:28.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8230 (GCVE-0-2019-8230)
Vulnerability from cvelistv5 – Published: 2019-11-05 23:57 – Updated: 2024-08-04 21:10
VLAI?
Summary
In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: and Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:57:36.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "and Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/output path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8230",
"datePublished": "2019-11-05T23:57:36.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8231 (GCVE-0-2019-8231)
Vulnerability from cvelistv5 – Published: 2019-11-05 23:56 – Updated: 2024-08-04 21:10
VLAI?
Summary
In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:56:33.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8231",
"datePublished": "2019-11-05T23:56:33.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8155 (GCVE-0-2019-8155)
Vulnerability from cvelistv5 – Published: 2019-11-05 23:52 – Updated: 2024-08-04 21:10
VLAI?
Summary
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
Severity ?
No CVSS data available.
CWE
- Information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:33.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user\u0027s CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T23:52:16.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user\u0027s CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8155",
"datePublished": "2019-11-05T23:52:16.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:33.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8125 (GCVE-0-2019-8125)
Vulnerability from cvelistv5 – Published: 2019-11-05 22:51 – Updated: 2024-08-04 21:10
VLAI?
Summary
A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:32.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T22:51:21.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3."
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8125",
"datePublished": "2019-11-05T22:51:21.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:32.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8091 (GCVE-0-2019-8091)
Vulnerability from cvelistv5 – Published: 2019-11-05 22:08 – Updated: 2024-08-04 21:10
VLAI?
Summary
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe Systems Incorporated | Magento 1 |
Affected:
Magento Open Source prior to 1.9.4.3
Affected: and Magento Commerce prior to 1.14.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:10:32.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento 1",
"vendor": "Adobe Systems Incorporated",
"versions": [
{
"status": "affected",
"version": "Magento Open Source prior to 1.9.4.3"
},
{
"status": "affected",
"version": "and Magento Commerce prior to 1.14.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T22:08:55.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://magento.com/security/patches/supee-11219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-8091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento 1",
"version": {
"version_data": [
{
"version_value": "Magento Open Source prior to 1.9.4.3"
},
{
"version_value": "and Magento Commerce prior to 1.14.4.3"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/supee-11219",
"refsource": "MISC",
"url": "https://magento.com/security/patches/supee-11219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-8091",
"datePublished": "2019-11-05T22:08:55.000Z",
"dateReserved": "2019-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:10:32.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}