Information disclosure in Adobe Commerce (formerly Magento Commerce) - #VU8466
Published: September 15, 2017
Vulnerability identifier: #VU8466
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Adobe
Affected software: Adobe Commerce (formerly Magento Commerce)
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because several Magento site URLs leak sensitive information, which can include verbose error messages and controller location. A remote attacker can use this information to exploit other vulnerabilities.
Remediation
Update to version 2.0.16 or 2.1.9.