CVE-2020-9587
- Source
- https://cve.org/CVERecord?id=CVE-2020-9587
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9587.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-9587
- Aliases
- Published
- 2020-06-26T21:15:17.263Z
- Modified
- 2026-03-13T00:46:08.307748Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts.
- References
Affected packages
Git / github.com/magento/devdocs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/magento/devdocs
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "2.2.0" }, { "last_affected": "2.2.11" }, { "introduced": "2.2.0" }, { "last_affected": "2.2.11" }, { "introduced": "2.3.0" }, { "last_affected": "2.3.4" }, { "introduced": "2.3.0" }, { "last_affected": "2.3.4" } ] }