займ на картукредит онлайн

MAGENTO SECURITY PATCH SUPEE-5994 RELEASED

SUPEE-5994 is a bundle of eight patches that resolve several security-related issues.

There were several CVSSv3 Severity issues found which affected the Magento products. Below are the few bugs:

Issue Type: Information Leakage (Internal)

CVSSv3 Severity

Security Bug

Description

5.3 (Medium)

Admin Path Disclosure

An attacker can force the Admin Login page to appear by directly calling a module, regardless of the URL.This exposes the Admin URL on the page, and makes it easier to initiate password attacks.

Issue Type: Customer Address Leak through Checkout

CVSSv3 Severity

Security Bug

Description

5.3 (Medium)

Information Disclosure / Leakage (Confidential or Restricted)

Enables an attacker to obtain address information (name, address, phone) from the address books of other store customers.
During the checkout process, the attacker can gain access to an arbitrary address book by entering a sequential ID. No payment information is returned. The only requirement for the attacker is to create an account in store, put any product into the cart, and start the checkout process. This attack can be fully automated, and a functional proof of concept exists.

Issue Type: Information Disclosure / Leakage (Confidential or Restricted)

CVSSv3 Severity

Security Bug

Description

5.3 (Medium)

Customer Information Leak through Recurring Profile

This issue enables attacker to obtain address (name, address, phone), previous order (items, amounts) and payment method (payment method, recurrence) information from the recurring payment profiles of other store customers.

Issue Type: Cross-site Scripting (XSS) – Reflected

CVSSv3 Severity

Security Bug

Description

8.2 (High)

Customer Information Leak through Recurring Profile

This issue enables an attacker to execute JavaScript code within the context of a Magento Connect Manager session. If the administrator clicks a malicious link, the session can be stolen, and malicious extensions installed.

Source: Magento

It is highly recommended by Magento to deploy these new security patches right away, to ensure optimal security and performance.

What else can be done to protect a Magento site?

Apart from installing the security patches, you can always ask Magento certified professionals to conduct a security audit every quarter to ensure that your store is secured especially if you have installed new extensions and made some changes to the site.

Consult our certified Magento developers, if you want to implement this security patch or have any questions regarding the Magento security SUPEE-5994 patch, please contact our support team.

No Comments

Leave a Comment

Please be polite. We appreciate that.
Your email address will not be published and required fields are marked