CVE-2019-7858

HIGH

Magento <2.1.18-2.3.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0074
EPSS Percentile 50.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-327
Status published
Products (2)
magento/community-edition 2.1.0 - 2.1.18Packagist
magento/magento 2.1.0 - 2.1.18
Published Aug 02, 2019
Tracked Since Feb 18, 2026