CVE-2020-9690

Medium

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful…

adobe·CWE-203·Published 2020-07-29

CVSS

4.2

EPSS

0.02

KEV

Exploits

cve.orgen

185 chars

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

NVDen

185 chars

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

OSV.deven

185 chars

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

GHSAen

185 chars

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

NVDes

232 chars

Magento versiones 2.3.5-p1 y anteriores, y versiones 2.3.5-p1 y anteriores, presentan una vulnerabilidad de discrepancia de sincronización observable. Una explotación con éxito podría conllevar a una omisión de comprobación de firma

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
3.1	Primary	NVD	4.2	0.6	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N