Description
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://magento.com/security/patches/supee-11219
Scores
CVSS v3
5.3
EPSS
0.0009
EPSS Percentile
25.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
Status
published
Products (3)
magento/community-edition
2.1.0 - 2.1.19Packagist
magento/magento
< 1.14.4.3
magento/magento
< 1.9.3.4
Published
Nov 05, 2019
Tracked Since
Feb 18, 2026