Vulnerability Description
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openmage | Openmage Long Term Support | < 19.4.6 |
| Magento | Magento | <= 2.3.5 |
Related Weaknesses (CWE)
References
- https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36PatchThird Party Advisory
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6Third Party Advisory
- https://helpx.adobe.com/security/products/magento/apsb20-47.htmlRelease NotesVendor Advisory
- https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36PatchThird Party Advisory
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6Third Party Advisory
- https://helpx.adobe.com/security/products/magento/apsb20-47.htmlRelease NotesVendor Advisory
FAQ
What is CVE-2020-15151?
CVE-2020-15151 is a vulnerability with a CVSS score of 8.0 (HIGH). OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. T...
How severe is CVE-2020-15151?
CVE-2020-15151 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15151?
Check the references section above for vendor advisories and patch information. Affected products include: Openmage Openmage Long Term Support, Magento Magento.