CVE-2020-9587

EUVD-2022-3253
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
magentomagento
𝑥
≤ 1.9.4.4
magentomagento
𝑥
≤ 1.14.4.4
magentomagento
2.2.0 ≤
𝑥
≤ 2.2.11
magentomagento
2.2.0 ≤
𝑥
≤ 2.2.11
magentomagento
2.3.0 ≤
𝑥
≤ 2.3.4
magentomagento
2.3.0 ≤
𝑥
≤ 2.3.4
𝑥
= Vulnerable software versions
References
https://helpx.adobe.com/security/products/magento/apsb20-22.html
https://helpx.adobe.com/security/products/magento/apsb20-22.html