CVE-2020-9587
HIGH
Magento <2.3.4, <2.2.11, <1.14.4.4, <1.9.4.4 - Auth Bypass
Title source: llm
Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/magento/apsb20-22.html
Scores
CVSS v3
7.5
EPSS
0.0055
EPSS Percentile
68.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (6)
magento/community-edition
0 (Packagist)
magento/core
0 - 1.9.4.5 (Packagist)
magento/magento
< 1.14.4.4
magento/magento
< 1.9.4.4
magento/magento
2.2.0 - 2.2.11 (2 CPE variants)
magento/project-community-edition
0 (Packagist)
Published
Jun 26, 2020
Tracked Since
Feb 18, 2026