IDOR vulnerability exists in Magento

Overview :
An insecure direct object reference (IDOR) vulnerability exists in Magento
Affected Product(s) :
  • Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8
  • Magento 2.1 prior to 2.1.17
Vulnerability Details :
CVE ID : CVE-2019-8235
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.

Solution :
Magento has fixed the issue in its latest versions; users are advised to update.
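
A quick defender-side check against the affected ranges listed above, as an added example that is not part of the original advisory or of Magento's code. The function names and the host inventory are hypothetical, and the treatment of suffixes such as `-beta1` and `-p1` is an assumption.

```python
import re

# Fixed release per 2.x branch, from the advisory: 2.1.17, 2.2.8, 2.3.1.
FIXED_PATCH = {(2, 1): 17, (2, 2): 8, (2, 3): 1}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")


def is_affected(version):
    """Return True/False for branches the advisory lists, None otherwise."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4) or ""
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return None  # branch not named in the advisory; check vendor notes
    if patch != fixed:
        return patch < fixed
    # Same number as the fixed release. Assumption: a pre-release tag
    # (beta1, rc2) predates the fix, a security-patch tag (p1) follows it.
    return bool(suffix) and not re.fullmatch(r"p\d+", suffix)


def triage(inventory):
    """Label each host in {host: version} by its status under the advisory."""
    labels = {True: "affected", False: "fixed", None: "not listed"}
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = labels[is_affected(version)]
        except ValueError:
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    # Constructed inventory for illustration; not real hosts.
    sample = {
        "shop-a.example": "2.3.0",
        "shop-b.example": "2.2.8",
        "shop-c.example": "2.1.16",
        "shop-d.example": "2.3.1-beta1",
        "shop-e.example": "unknown",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```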

 
