CVE-2019-7846
First published: Tue Jun 25 2019(Updated: )
PRODSECBUG-1513: Insufficient brute force protections on promo code entry
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/magento/product-community-edition | >=2.1<2.1.18>=2.2<2.2.9>=2.3<2.3.2 | |
| Adobe Campaign | <=18.10.5.8984 | |
| Linux Linux kernel | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-7846.
What is the title of this vulnerability?
The title of this vulnerability is PRODSECBUG-1513: Insufficient brute force protections on promo code entry.
Which software versions are affected by this vulnerability?
The software versions affected by this vulnerability are Magento 2.1 up to 2.1.18, Magento 2.2 up to 2.2.9, and Magento 2.3 up to 2.3.2.
What is the recommended action to fix this vulnerability?
The recommended action to fix this vulnerability is to apply the security update provided by Magento: https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33.
Are there any brute force protections missing in the promo code entry feature?
Yes, there are insufficient brute force protections on the promo code entry feature.
- collector/friends-of-php
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- package-manager/composer
- vendor/adobe
- canonical/adobe campaign
- version/adobe campaign/18.10.5.8984
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows