CVE-2016-2212

The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition before 1.14.2.3 and Magento Community Edition before 1.9.2.3 allows remote attackers to obtain sensitive order information via the order_id in a JSON object in the data parameter in an RSS feed request to index.php/rss/order/status.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
magentomagento
𝑥
≤ 1.9.2.2
magentomagento
𝑥
≤ 1.14.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://karmainsecurity.com/KIS-2016-02
http://packetstormsecurity.com/files/135941/Magento-1.9.2.2-RSS-Feed-Information-Disclosure.html
http://seclists.org/fulldisclosure/2016/Feb/105
http://www.securityfocus.com/archive/1/537601/100/0/threaded
https://magento.com/security/patches/supee-7405
http://karmainsecurity.com/KIS-2016-02
http://packetstormsecurity.com/files/135941/Magento-1.9.2.2-RSS-Feed-Information-Disclosure.html
http://seclists.org/fulldisclosure/2016/Feb/105
http://www.securityfocus.com/archive/1/537601/100/0/threaded
https://magento.com/security/patches/supee-7405