CVE-2019-7928

Summary

A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal.

Affected Software

VendorProductVersion RangeStatus
n/aMagento 2Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2affected

Weaknesses

  • Denial-of-Service

ADP Enrichment

CVE Program Container

Additional References

References