OpenMage LTS prior to 19.4.6 and 20.0.2 allows malicious users to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openmage openmage long term support |
||
magento magento |