Skip to main content
CVE-2020-24406 LOW PATCH Monitor

When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Information Disclosure Magento
NVD
CVSS 3.1
3.7
EPSS
2.1%
CVE-2020-4650 LOW PATCH Monitor

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Maximo Spatial Asset Management
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-24404 LOW PATCH Monitor

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
2.7
EPSS
1.6%
CVE-2020-24403 LOW PATCH Monitor

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Magento
NVD
CVSS 3.1
2.7
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy