CVE-2019-8113

Summary

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.

Affected Software

VendorProductVersion RangeStatus
Adobe Systems IncorporatedMagento 2Magento 2.2 prior to 2.2.10affected
Adobe Systems IncorporatedMagento 2Magento 2.3 prior to 2.3.3 or 2.3.2-p1affected

Weaknesses

  • Cryptographic flaw

ADP Enrichment

CVE Program Container

Additional References

References