{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T08:40:37.239","vulnerabilities":[{"cve":{"id":"CVE-2019-7854","sourceIdentifier":"psirt@adobe.com","published":"2019-08-02T22:15:14.910","lastModified":"2024-11-21T04:48:52.000","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details."},{"lang":"es","value":"Una vulnerabilidad  de referencia directa a objetos no segura (IDOR) en Magento versiones 2.1 anteriores a 2.1.18, Magento versiones 2.2 anteriores a 2.2.9, Magento versiones 2.3 anteriores a 2.3.2,  puede conllevar a la divulgación no autorizada de los detalles del historial crediticio de la compañía."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.1.18","matchCriteriaId":"DE066118-96FB-423F-B962-F904ACD6340C"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.2.9","matchCriteriaId":"C7822059-9FC0-45E5-826B-4DF2AB07F2BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.2","matchCriteriaId":"6B8C5A27-2957-4373-B0FE-8C7585B4B04E"}]}]}],"references":[{"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}