
SUPEE-5994

SUPEE-5994 is a bundle of eight security patches, including backend path leakage, customer details leakage (name, address, phone, orders, payment method) and Magento root directory path leakage. You can find more details on the vulnerabilities addressed by this patch below:

Admin Path Disclosure – APPSEC-977

Type: Information Leakage (Internal)
CVSSv3 Severity: 5.3 (Medium)
Known Attacks: None
Description: An attacker can force the Admin Login page to appear by directly calling a module, regardless of the URL. This exposes the Admin URL on the page, and makes it easier to initiate password attacks.
Product(s) Affected: Magento CE prior to 1.9.2.0, and Magento EE prior to 1.14.2.1
Fixed In: CE 1.9.2.0, EE 1.14.2.1
Reporter: Peter O’Callaghan

Customer Address Leak through Checkout – APPSEC-945

Type: Information Disclosure / Leakage (Confidential or Restricted)
CVSSv3 Severity: 5.3 (Medium)
Known Attacks: None
Description: Enables an attacker to obtain address information (name, address, phone) from the address books of other store customers. During the checkout process, the attacker can gain access to an arbitrary address book by entering a sequential ID. No payment information is returned. The only requirement for the attacker is to create an account in the store, put any product into the cart, and start the checkout process. This attack can be fully automated, and a functional proof of concept exists.
Product(s) Affected: Magento CE prior to 1.9.2.0, and Magento EE prior to 1.14.2.1
Fixed In: CE 1.9.2.0, EE 1.14.2.1
Reporter: Erik Wohllebe

Customer Information Leak through Recurring Profile – APPSEC-926

Type: Information Disclosure / Leakage (Confidential or Restricted)
CVSSv3 Severity: 5.3 (Medium)
Known Attacks: None
Description: This issue enables an attacker to obtain address (name, address, phone), previous order (items, amounts) and payment method (payment method, recurrence) information from the recurring payment profiles of other store customers. The attacker just creates an account with the store. While viewing their own recurring profile, the attacker can request an arbitrary recurring profile using a sequential ID. The information is then returned to the attacker. This attack can be fully automated, and a manual proof of concept exists.
Product(s) Affected: Magento CE prior to 1.9.2.0, and Magento EE prior to 1.14.2.1
Fixed In: CE 1.9.2.0, EE 1.14.2.1
Reporter: Manuel Iglesias
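APPSEC-945 and APPSEC-926 share one defect class: a record is fetched by a client-supplied sequential ID without checking that it belongs to the logged-in customer. The following is an added example, not Magento's code or the reporters' proof of concept; the data model, the `ADDRESSES` table and the function names are assumptions made for the illustration. It shows the unchecked lookup beside the ownership-scoped one, and why the scoped version should answer a foreign ID exactly as it answers a missing one.

```python
"""Ownership check for customer-scoped records (added example, not Magento code).

Illustrates the defect class behind APPSEC-945 and APPSEC-926: a record is
looked up by a client-supplied sequential ID without confirming that it belongs
to the authenticated customer. The data model and function names are assumed.
"""
from dataclasses import dataclass
from typing import Dict, Optional


class NotFound(Exception):
    """Raised for both missing and foreign records so the response is identical."""


@dataclass(frozen=True)
class Address:
    address_id: int
    customer_id: int
    name: str
    phone: str


# Constructed sample data: two customers with sequential address IDs.
ADDRESSES: Dict[int, Address] = {
    1: Address(1, 100, "Alice Example", "555-0100"),
    2: Address(2, 200, "Bob Example", "555-0200"),
}


def load_address_unchecked(address_id: int) -> Address:
    """Vulnerable pattern: trusts the ID from the request and returns any row."""
    if address_id not in ADDRESSES:
        raise NotFound()
    return ADDRESSES[address_id]


def load_address_for_customer(session_customer_id: int, address_id: int) -> Address:
    """Hardened pattern: the lookup is scoped to the owner taken from the session.

    A foreign ID is reported exactly like a nonexistent one, so the response
    does not reveal which IDs exist.
    """
    row = ADDRESSES.get(address_id)
    if row is None or row.customer_id != session_customer_id:
        raise NotFound()
    return row


def checkout_address_lookup(session_customer_id: int, requested_id: int) -> Optional[Address]:
    """Checkout handler built on the hardened lookup; returns None when refused."""
    try:
        return load_address_for_customer(session_customer_id, requested_id)
    except NotFound:
        return None
```

The customer ID must come from the server-side session, never from the request, and the same scoping applies to any other customer-owned object (orders, recurring profiles) that is addressed by a predictable key.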

Local File Path Disclosure Using Media Cache – APPSEC-965

Type: Information Leakage (Internal)
CVSSv3 Severity: 5.3 (Medium)
Known Attacks: None
Description: Attacker can use fictitious image URLs to generate exceptions that expose internal server paths, regardless of settings.
Product(s) Affected: Magento CE prior to 1.9.2.0, and Magento EE prior to 1.14.2.1
Fixed In: CE 1.9.2.0, EE 1.14.2.1
Reporter: Omar M

Cross-site Scripting (XSS) Using Magento Downloader – APPSEC-979

Type: Cross-site Scripting (XSS) – Reflected
CVSSv3 Severity: 8.2 (High)
Known Attacks: None
Description: This issue enables an attacker to execute JavaScript code within the context of a Magento Connect Manager session. If the administrator clicks a malicious link, the session can be stolen, and malicious extensions installed.
Product(s) Affected: Magento CE prior to 1.9.2.0, and Magento EE prior to 1.14.2.1
Fixed In: CE 1.9.2.0, EE 1.14.2.1
Reporter: Robert Foggia / Trustwave

Spreadsheet Formula Injection – APPSEC-978

Type: Formula Injection
CVSSv3 Severity: 6.1 (Medium)
Known Attacks: None
Description: Attacker can provide input that executes a formula when exported and opened in a spreadsheet such as Microsoft Excel. The formula can modify data, export personal data to another site, or cause remote code execution. The spreadsheet usually displays a warning message, which the user must dismiss for the attack to succeed.
Product(s) Affected: Magento CE prior to 1.9.2.0, and Magento EE prior to 1.14.2.1
Fixed In: CE 1.9.2.0, EE 1.14.2.1
Reporter: iSec Partners (external audit)
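The standard mitigation for APPSEC-978 is to neutralise, at export time, any cell that a spreadsheet would interpret as a formula. Below is an added example written for this advisory, not Magento's export code: it prefixes cells that start with a formula trigger character with a single quote so the spreadsheet displays them as text, and quotes every field so a delimiter inside a value cannot split the row. The sample rows are constructed.

```python
"""Neutralising spreadsheet formula injection in CSV exports (added example).

Cells beginning with '=', '+', '-', '@', tab or carriage return are treated as
formulas by Excel and LibreOffice. Prefixing such cells with a single quote
makes them render as text. This is a generic illustration, not Magento code.
"""
import csv
import io
from typing import Iterable, List

FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralise_cell(value: object) -> str:
    """Return the cell as text; a leading formula trigger gets a quote prefix."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_rows(rows: Iterable[Iterable[object]]) -> str:
    """Write rows to CSV with every cell neutralised and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralise_cell(c) for c in row])
    return buf.getvalue()


# Constructed sample: a customer-supplied "name" that a spreadsheet would evaluate.
SAMPLE_ROWS: List[List[object]] = [
    ["customer", "phone"],
    ["=SUM(1,2)", "555-0100"],
    ["-5 Main Street", "+1 555 0200"],
]
```

Because the prefix turns negative numbers and phone numbers into text, columns that are genuinely numeric should be exported as numbers explicitly rather than passed through this filter.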

Cross-site Scripting Using Authorize.Net Direct Post Module – APPSEC-907

Type: Cross-Site Scripting (XSS) – Reflected
CVSSv3 Severity: 6.1 (Medium)
Known Attacks: None
Description: Enables an attacker to execute JavaScript in the context of a customer session. If a customer clicks a malicious link, the attacker can steal cookies and hijack the session, which can expose personal information and compromise checkout.
Product(s) Affected: Magento CE prior to 1.9.2.0, and Magento EE prior to 1.14.2.1
Fixed In: CE 1.9.2.0, EE 1.14.2.1
Reporter: Matthew Barry

Malicious Package Can Overwrite System Files – APPSEC-535

Type: Abuse of Functionality
CVSSv3 Severity: 3.1 (Low)
Known Attacks: None
Description: Attacker can publish a malicious extension package. When the package is installed by a customer, it can overwrite files on the server. The attacker must first publish a package, and then entice a customer to install it. The package might contain a malicious load, as well.
Product(s) Affected: Magento CE prior to 1.9.2.0, and Magento EE prior to 1.14.2.1
Fixed In: CE 1.9.2.0, EE 1.14.2.1
Reporter: iSec Partners (external audit)
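APPSEC-535 concerns a package whose members, when installed, land outside the intended directory and overwrite files on the server. A generic defence is to resolve each member's destination before writing anything and refuse members that escape the install directory, are absolute, or are links. The following is an added example using Python's `tarfile` on a constructed archive; it is not Magento Connect's installer code, and the install directory path is a placeholder.

```python
"""Confining extension-package extraction to its install directory (added example).

Before any archive member is written, its destination is resolved and checked
against the target directory. Absolute names, '..' escapes and links are
refused. Uses a constructed tar archive; not Magento Connect's installer.
"""
import io
import os
import tarfile
from typing import List, Tuple


def is_within(base: str, target: str) -> bool:
    """True if target resolves to base itself or a path beneath it."""
    base_real = os.path.realpath(base)
    target_real = os.path.realpath(target)
    return os.path.commonpath([base_real, target_real]) == base_real


def plan_extraction(archive: tarfile.TarFile, dest_dir: str) -> Tuple[List[str], List[str]]:
    """Return (accepted, rejected) member names without writing anything."""
    accepted: List[str] = []
    rejected: List[str] = []
    for m in archive.getmembers():
        name = m.name
        if os.path.isabs(name) or name.startswith(("/", "\\")):
            rejected.append(name)
            continue
        if m.issym() or m.islnk():
            rejected.append(name)  # a link can point anywhere on the host
            continue
        dest = os.path.join(dest_dir, name)
        if not is_within(dest_dir, dest):
            rejected.append(name)  # '..' components escape dest_dir
            continue
        accepted.append(name)
    return accepted, rejected


def build_sample_archive() -> bytes:
    """Constructed archive: one benign member and one that escapes the directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in [("app/code/Foo.php", b"<?php // ok\n"),
                           ("../../index.php", b"overwrite\n")]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_sample(dest_dir: str = "/srv/example-store/extensions") -> Tuple[List[str], List[str]]:
    """Run the plan against the constructed archive (dest_dir is a placeholder)."""
    with tarfile.open(fileobj=io.BytesIO(build_sample_archive()), mode="r") as tf:
        return plan_extraction(tf, dest_dir)
```

Rejecting any member, rather than skipping it silently, is the safer policy for an installer: a package that contains even one escaping entry should not be installed at all, and the rejection should be logged for the administrator.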