{"containers":{"cna":{"affected":[{"product":"Magento 2","vendor":"n/a","versions":[{"status":"affected","version":"Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"}]}],"descriptions":[{"lang":"en","value":"An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details."}],"problemTypes":[{"descriptions":[{"description":"Insecure Direct Object Reference","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-08-02T21:22:50.000Z","orgId":"078d4453-3bcd-4900-85e6-15281da43538","shortName":"adobe"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@adobe.com","ID":"CVE-2019-7890","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Magento 2","version":{"version_data":[{"version_value":"Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Insecure Direct Object Reference"}]}]},"references":{"reference_data":[{"name":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23","refsource":"CONFIRM","url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T21:02:19.001Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"}]}]},"cveMetadata":{"assignerOrgId":"078d4453-3bcd-4900-85e6-15281da43538","assignerShortName":"adobe","cveId":"CVE-2019-7890","datePublished":"2019-08-02T21:22:50.000Z","dateReserved":"2019-02-12T00:00:00.000Z","dateUpdated":"2024-08-04T21:02:19.001Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}