CVE-2019-7886

EUVD-2022-3475
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
magentomagento
2.1.0 ≤
𝑥
< 2.1.18
magentomagento
2.2.0 ≤
𝑥
< 2.2.9
magentomagento
2.3.0 ≤
𝑥
< 2.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33