Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2019-7951 - Vulnerability Database
Magento

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2019-7951

High
Reference: CVE-2019-7951
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7951
Title: Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests.