First published: Tue Jun 25 2019(Updated: )
PRODSECBUG-1513: Insufficient brute force protections on promo code entry
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/magento/product-community-edition | >=2.1<2.1.18>=2.2<2.2.9>=2.3<2.3.2 | |
Adobe Campaign | <=18.10.5.8984 | |
Linux Linux kernel | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-7846.
The title of this vulnerability is PRODSECBUG-1513: Insufficient brute force protections on promo code entry.
The software versions affected by this vulnerability are Magento 2.1 up to 2.1.18, Magento 2.2 up to 2.2.9, and Magento 2.3 up to 2.3.2.
The recommended action to fix this vulnerability is to apply the security update provided by Magento: https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33.
Yes, there are insufficient brute force protections on the promo code entry feature.