CVE-2020-15151

Summary

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.

Affected Software

VendorProductVersion RangeStatus
OpenMagemagento-lts< 19.4.6"affected
OpenMagemagento-lts>= 20.0.0, < 20.0.2affected

Weaknesses

  • CWE-203: {"CWE-203":"Observable Discrepancy"}

ADP Enrichment

CVE Program Container

Additional References

References