S

SUPEE-10975

SUPEE-10975 contain multiple security enhancements that help close remote code execution (RCE), cross-site scripting (XSS), cross-site request forgery (CSRF) and other vulnerabilities.  
PRODSECBUG-1589: Stops Brute Force Requests via basic RSS authentication
Type: Brute Force Login / Session Identifier
CVSSv3 Severity: 9.0
Known Attacks: none
Description: Attacker is able to brute force requests to the RSS nodes that require admin authentication. With this, attacker would be able to guess the admin password.
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: NA
MAG-23: M1 Credit Card Storage Capability
Type: Compliance Requirement
CVSSv3 Severity: 9.0
Known Attacks: none
Description: Removes functionality enabling M1 customers to store credit card data in the database.
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: NA
PRODSECBUG-2149: Authenticated RCE using customer import
Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.5
Known Attacks: none
Description: Restricts Admin users with access to edit product attributes from running customer imports while executing arbitrary code using a serialized string that have been set as validate_rules on an attribute.
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: Fabain
PRODSECBUG-2159: API Based RCE Vulnerability
Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.5
Known Attacks: none
Description: By activating an API, including the ability to add products, it is possible to send base64-encoded content to an unauthorized file and with it, excute an RCE
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0, Magento 2.1 prior to 2.1.16, Magento 2.2 prior to 2.2.7
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975, Magento 2.1.16, Magento 2.2.7, Magento 2.3.0
Reporter: sambecks
PRODSECBUG-2156: RCE Via Unauthorized Upload
Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.5
Known Attacks: none
Description: Prevents a user from uploading unauthorized files while attaching videos
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0, Magento 2.1 prior to 2.1.16, Magento 2.2 prior to 2.2.7
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975, Magento 2.1.16, Magento 2.2.7, Magento 2.3.0
Reporter: mortis
PRODSECBUG-2155: Authenticated RCE using dataflow
Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.5
Known Attacks: none
Description: Prevents Admin users with access to dataflow functionallity from executing arbitrary code using a specially crafted serialized string
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: Fabain
PRODSECBUG-2053: Prevents XSS in Newsletter Template
Type: Cross-Site Scripting (XSS)
CVSSv3 Severity: 6.5
Known Attacks: none
Description: Strengthens Newletter Template Settings to prevent possible XSS Attack
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0, Magento 2.1 prior to 2.1.16, Magento 2.2 prior to 2.2.7
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975, Magento 2.1.16, Magento 2.2.7, Magento 2.3.0
Reporter: NA
PRODSECBUG-2142: XSS in CMS Preview
Type: Cross-Site Scripting (XSS)
CVSSv3 Severity: 6.5
Known Attacks: none
Description: An administrator on Magento 1 with permissions to edit CMS pages can insert script tags into the version history label which will trigger when another administrator previews a page which is standard practice prior to publishing content updates. The malicious script tag does not need to be the most recent entry, it just needs to exist in the history. As such a malicious actor would be able to insert the bad label in the non-current entry to avoid suspicion as this would not be obvious. This could then sit for some time until an administrator comes to preview the cms page before making an edit, allowing the malicious actor to perform actions as that user and gain additional privileges.
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: convenient
PRODSECBUG-1860: Admin Account XSS Attack Cessation via Filename.
Type: Cross-Site Scripting (XSS)
CVSSv3 Severity: 6.5
Known Attacks: none
Description: An attacker with access to upload can craft an image with a malicious file name in order to execute an XSS attack.
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: mpchadwick
PRODSECBUG-2119: EE Patch to include names in templates
Type: Insufficient Data Protection
CVSSv3 Severity: 6.5
Known Attacks: none
Description: Enterprise Edition misses several unescaped website, store and store group names
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: NA
PRODSECBUG-2129: XSS in Google Analytics Vulnerability
Type: Cross-Site Scripting (XSS)
CVSSv3 Severity: 6.5
Known Attacks: none
Description: An administrator on Magento 1 with permissions to update the Google Analytics configuration can trigger XSS vulnerability when another administrator issues a Credit Memo.This attack could allow one administrator to trigger privileged requests from another users account, changing further configuration or chaining together further attacks.
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: convenient
PRODSECBUG-2019: Merchant Wishlist Security Strenghening
Type: Brute Force (Generic) / Insufficient Anti-automation
CVSSv3 Severity: 5.3
Known Attacks: none
Description: Prevents unwanted spamming of user wishlists
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: NA
PRODSECBUG-2104: Send to a Friend Vulnerability
Type: Brute Force (Generic) / Insufficient Anti-automation
CVSSv3 Severity: 5.3
Known Attacks: none
Description: Send to a friend feature does not allow for CAPTCHA to be enabled. At least 1 merchant has been targeted by bot attacks resulting in Sendgrid credits being maxed out.
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: Internal Staff
PRODSECBUG-2125: CSRF on deletion of Blocks Vulnerability
Type: Cross-Site Request Forgery (CSRF)
CVSSv3 Severity: 4.2
Known Attacks: none
Description: Prevents a cross site request forgery vulnerability which can delete all Blocks at once
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: Djordje-marjanovic
PRODSECBUG-2088: CSRF Vulnerabilty related to Customer Group Deletion
Type: Cross-Site Request Forgery (CSRF)
CVSSv3 Severity: 4.2
Known Attacks: none
Description: Prevents possible deletion of customer group information via escalated privilege
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0, Magento 2.1 prior to 2.1.16, Magento 2.2 prior to 2.2.7
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975, Magento 2.1.16, Magento 2.2.7, Magento 2.3.0
Reporter: Djordje-marjanovic
PRODSECBUG-2140: CSRF on deletion of Site Map
Type: Cross-Site Request Forgery (CSRF)
CVSSv3 Severity: 4.2
Known Attacks: none
Description: Prevents the deletion of customer groups via a GET request in versions of M1
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
Reporter: Djordje-marjanovic
PRODSECBUG-2108: Outdated jQuery causing PCI scanning failures
Type: Compliance Requirement
CVSSv3 Severity: 0.0
Known Attacks: none
Description: Updated Jquery to the newest version
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0, Magento 2.1 prior to 2.1.16, Magento 2.2 prior to 2.2.7
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975, Magento 2.1.16, Magento 2.2.7, Magento 2.3.0
Reporter: Internal Staff
MAG-12, MAG-2: Encryption Keys Stored in Plain Text
Type: Information Disclosure / Leakage (Confidential or Restricted)
CVSSv3 Severity: 0.0
Known Attacks: none
Description: Support encrypted of backups out-of-the-box. For example allow the user to set a password that is used to unlock the backups. It is acceptable if the user willingly opts out, but this should be a supported feature.
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0, Magento 2.1 prior to 2.1.16, Magento 2.2 prior to 2.2.7
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975, Magento 2.1.16, Magento 2.2.7, Magento 2.3.0
Reporter: NA
PRODSECBUG-2141: Unauthorized Admin Panel Bypass
Type: Privilege Escalation
CVSSv3 Severity: 0.0
Known Attacks: none
Description: Prevents a vulneraiblity whereby admin panel can be accessed regardless of the actual request URI is, bypassing IP whitelisting in M1
Product(s) Affected: Magento Open Source prior to 1.9.4.0, and Magento Commerce prior to 1.14.4.0.
Fixed In: Magento Open Source 1.9.4.0, Magento Commerce 1.14.4.0, SUPEE-10975
SUPEE-10975
0 votes, 0.00 avg. rating (0% score)