CVE-2020-9690 in Magento and Adobe Products
Published on July 29, 2020
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Products Associated with CVE-2020-9690
stack.watch emails you whenever new vulnerabilities are published in Magento or Adobe Magento. Just hit a watch button to start following.
Affected Versions
Adobe Magento Version 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier versions is affected by CVE-2020-9690Vulnerable Packages
The following package name and versions may be associated with CVE-2020-9690
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| composer | openmage/magento-lts | < 19.4.6 | 19.4.6 |
| composer | openmage/magento-lts | >= 20.0.0, < 20.0.2 | 20.0.2 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.