Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
References
Link | Resource |
---|---|
https://helpx.adobe.com/security/products/magento/apsb20-22.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: adobe
Published: 2020-06-26T20:20:53
Updated: 2020-06-26T20:20:53
Reserved: 2020-03-02T00:00:00
Link: CVE-2020-9588
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-26T21:15:17.327
Modified: 2020-07-01T19:58:51.003
Link: CVE-2020-9588
JSON object: View
Redhat Information
No data.
CWE