CVE-2020-3719

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://helpx.adobe.com/security/products/magento/apsb20-02.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:magento:magento:::::community:::*
	cpe:2.3:a:magento:magento:::::enterprise:::*
	cpe:2.3:a:magento:magento:::::commerce:::*
	cpe:2.3:a:magento:magento:::::open_source:::*
	cpe:2.3:a:magento:magento:::::commerce:::*
	cpe:2.3:a:magento:magento:::::open_source:::*

History

No history.

Information

Published : 2020-01-29 19:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-3719

Mitre link : CVE-2020-3719

CVE.ORG link : CVE-2020-3719

JSON object : View

Products Affected

magento

magento

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2020-3719", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-01-29T19:15:14.027", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb20-02.html", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure."}, {"lang": "es", "value": "Magento versiones 2.3.3 y anteriores, versiones 2.2.10 y anteriores, versiones 1.14.4.3 y anteriores, y versiones 1.9.4.3 y anteriores, presenta una vulnerabilidad de inyecci\u00f3n sql. Una explotaci\u00f3n con \u00e9xito podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n confidencial."}], "lastModified": "2020-01-30T20:42:39.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "FC7C713B-DC1D-4BCE-BBC9-105B5099C03C", "versionEndIncluding": "1.9.4.3"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "38FCC397-C4E0-44A2-AD91-B13A974C1270", "versionEndIncluding": "1.14.4.3"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "7A2C31B2-F717-423C-A976-5C46B660FE4F", "versionEndIncluding": "2.2.10", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "C8EFCC7E-49F0-4952-8C7B-D190E95B564D", "versionEndIncluding": "2.2.10", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "04AE5F48-C077-47C9-B8D0-277B9ED49557", "versionEndIncluding": "2.3.3", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "A2D48C61-8E8E-4C99-ACF5-F39CA14E342F", "versionEndIncluding": "2.3.3", "versionStartIncluding": "2.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}