{"containers":{"cna":{"affected":[{"product":"Magento 2","vendor":"n/a","versions":[{"status":"affected","version":"Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"}]}],"descriptions":[{"lang":"en","value":"An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details."}],"problemTypes":[{"descriptions":[{"description":"Insecure Direct Object Reference","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-08-02T21:11:32.000Z","orgId":"078d4453-3bcd-4900-85e6-15281da43538","shortName":"adobe"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@adobe.com","ID":"CVE-2019-7854","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Magento 2","version":{"version_data":[{"version_value":"Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Insecure Direct Object Reference"}]}]},"references":{"reference_data":[{"name":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23","refsource":"CONFIRM","url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T21:02:18.996Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"}]}]},"cveMetadata":{"assignerOrgId":"078d4453-3bcd-4900-85e6-15281da43538","assignerShortName":"adobe","cveId":"CVE-2019-7854","datePublished":"2019-08-02T21:11:32.000Z","dateReserved":"2019-02-12T00:00:00.000Z","dateUpdated":"2024-08-04T21:02:18.996Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}