Information disclosure in Adobe Commerce (formerly Magento Commerce) - #VU8474
Published: September 15, 2017
Vulnerability identifier: #VU8474
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe Commerce (formerly Magento Commerce)
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because Magento email replies to product requests expose the system path of the Magento installation. A remote attacker can leverage the system path to enable the use of other vulnerabilities.
Remediation
Update to version 2.0.16 or 2.1.9.