CVE-2020-9588
HIGH
Magento < 1.9.4.5, < 1.14.4.4, 2.2.0-2.2.11, < 2.3.4-p2 - Observable Timing Discrepancy
Title source: llm
Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/magento/apsb20-22.html
Scores
CVSS v3
7.2
EPSS
0.0118
EPSS Percentile
79.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-203
Status
published
Products (6)
magento/community-edition
0 - 2.3.4-p2 (Packagist)
magento/core
0 - 1.9.4.5 (Packagist)
magento/magento
< 1.14.4.4
magento/magento
< 1.9.4.4
magento/magento
2.2.0 - 2.2.11 (2 CPE variants)
magento/project-community-edition
0 (Packagist)
Published
Jun 26, 2020
Tracked Since
Feb 18, 2026