CVE-2020-15151

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openmage:openmage_long_term_support:*:*:*:*:*:*:*:*
cpe:2.3:a:openmage:openmage_long_term_support:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*

Information

Published : 2020-08-19 18:17

Updated : 2021-11-18 10:38


NVD link : CVE-2020-15151

Mitre link : CVE-2020-15151


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

openmage

  • openmage_long_term_support

magento

  • magento