What is the severity of CVE-2019-18981?

CVE-2019-18981 has a severity rating that poses a risk to access control in affected versions of Pimcore.

How do I fix CVE-2019-18981?

To fix CVE-2019-18981, upgrade your Pimcore installation to version 6.2.2 or later.

What versions of Pimcore are affected by CVE-2019-18981?

All versions of Pimcore prior to 6.2.2 are affected by CVE-2019-18981.

What type of issue is CVE-2019-18981?

CVE-2019-18981 is an access control vulnerability that can lead to unauthorized notification delivery.

Is there a workaround for CVE-2019-18981?

There is no documented workaround for CVE-2019-18981; the best action is to update to a patched version.

Vulnerability/
CVE-2019-18981

critical

9.8

CWE

838

15/11/2019

24/5/2022

5/8/2024

CVE-2019-18981

First published: Fri Nov 15 2019(Updated: )

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/pimcore/pimcore	<6.2.2	6.2.2
Pimcore Pimcore	<6.2.2

Remedy

https://github.com/pimcore/pimcore/commit/0a5d80b2593b2ebe35d19756b730ba33aa049106

Remedy

https://github.com/pimcore/pimcore/compare/v6.2.1...v6.2.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-18981?
CVE-2019-18981 has a severity rating that poses a risk to access control in affected versions of Pimcore.
How do I fix CVE-2019-18981?
To fix CVE-2019-18981, upgrade your Pimcore installation to version 6.2.2 or later.
What versions of Pimcore are affected by CVE-2019-18981?
All versions of Pimcore prior to 6.2.2 are affected by CVE-2019-18981.
What type of issue is CVE-2019-18981?
CVE-2019-18981 is an access control vulnerability that can lead to unauthorized notification delivery.
Is there a workaround for CVE-2019-18981?
There is no documented workaround for CVE-2019-18981; the best action is to update to a patched version.

collector/github-advisory-latest
alias/GHSA-jhcf-j4hg-v64r
alias/CVE-2019-18981
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/author
agent/type
agent/remedy
agent/softwarecombine
agent/references
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/tags
agent/source
package-manager/composer
vendor/pimcore
canonical/pimcore pimcore

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2019-18981?
CVE-2019-18981 has a severity rating that poses a risk to access control in affected versions of Pimcore.
How do I fix CVE-2019-18981?
To fix CVE-2019-18981, upgrade your Pimcore installation to version 6.2.2 or later.
What versions of Pimcore are affected by CVE-2019-18981?
All versions of Pimcore prior to 6.2.2 are affected by CVE-2019-18981.
What type of issue is CVE-2019-18981?
CVE-2019-18981 is an access control vulnerability that can lead to unauthorized notification delivery.
Is there a workaround for CVE-2019-18981?
There is no documented workaround for CVE-2019-18981; the best action is to update to a patched version.