
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN233
_____________________________________________________________________

DATE                : 29/04/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Magento Commerce, Magento Open
                     Source versions prior to 2.3.4-p2, 2.3.5-p1,
                     Magento Enterprise Edition versions prior to
                     1.14.4.5, Magento Community Edition versions
                     prior to 1.9.4.5.

=====================================================================
https://helpx.adobe.com/security/products/magento/apsb20-22.html
_____________________________________________________________________


Security Updates Available for Magento | APSB20-22
Bulletin ID    Date Published    Priority
APSB20-22      April 28, 2020    2


Summary

Magento has released updates for Magento Commerce and Open Source
editions.  These updates resolve vulnerabilities rated Critical,
Important and Moderate (severity ratings).  Successful exploitation
could lead to arbitrary code execution.


Affected Versions

Product                       Version                                   Platform
Magento Commerce              2.3.4 and earlier versions                All
Magento Open Source           2.3.4 and earlier versions                All
Magento Commerce              2.2.11 and earlier versions (see note)    All
Magento Open Source           2.2.11 and earlier versions (see note)    All
Magento Enterprise Edition    1.14.4.4 and earlier versions             All
Magento Community Edition     1.9.4.4 and earlier versions              All


Note:

Magento 2.2x reached end of support on December 31, 2019.


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version.


Product                       Version     Platform    Priority Rating    Availability
Magento Commerce              2.3.4-p2    All         2                  2.3.4-p2 Commerce
Magento Open Source           2.3.4-p2    All         2                  2.3.4-p2 Open Source
Magento Commerce              2.3.5-p1    All         2                  2.3.5 Commerce
Magento Open Source           2.3.5-p1    All         2                  2.3.5 Open Source
Magento Enterprise Edition    1.14.4.5    All         2                  1.14.4.5
Magento Community Edition     1.9.4.5     All         2                  1.9.4.5

Note:

Magento Commerce 2.2.12 is available exclusively to extended support
Commerce customers.


Vulnerability details

Vulnerability Category                Vulnerability Impact                        Severity   Pre-authentication?  Admin privileges required?  Magento Bug ID   CVE numbers
Command injection                     Arbitrary code execution                    Critical   No                   Yes                         PRODSECBUG-2707  CVE-2020-9576
Stored cross-site scripting           Sensitive information disclosure            Important  Yes                  No                          PRODSECBUG-2671  CVE-2020-9577
Command injection                     Arbitrary code execution                    Critical   No                   Yes                         PRODSECBUG-2695  CVE-2020-9578
Security mitigation bypass            Arbitrary code execution                    Critical   No                   Yes                         PRODSECBUG-2696  CVE-2020-9579
Security mitigation bypass            Arbitrary code execution                    Critical   No                   Yes                         PRODSECBUG-2697  CVE-2020-9580
Stored cross-site scripting           Sensitive information disclosure            Important  No                   Yes                         PRODSECBUG-2700  CVE-2020-9581
Command injection                     Arbitrary code execution                    Critical   No                   Yes                         PRODSECBUG-2708  CVE-2020-9582
Command injection                     Arbitrary code execution                    Critical   No                   Yes                         PRODSECBUG-2710  CVE-2020-9583
Stored cross-site scripting           Sensitive information disclosure            Important  Yes                  No                          PRODSECBUG-2715  CVE-2020-9584
Defense-in-depth security mitigation  Arbitrary code execution                    Moderate   No                   Yes                         PRODSECBUG-2541  CVE-2020-9585
Defense-in-depth security mitigation  Unauthorized access to admin panel          Moderate   Yes                  Yes                         MPERF-10898      CVE-2020-9591
Authorization bypass                  Potentially unauthorized product discounts  Moderate   Yes                  No                          PRODSECBUG-2518  CVE-2020-9587
Observable Timing Discrepancy         Signature verification bypass               Important  No                   Yes                         PRODSECBUG-2677  CVE-2020-9588

Note:

1. CVE-2020-9585 is mitigated in default installs.

2. CVE-2020-9591 exclusively impacts Magento 1.

Note:

Pre-authentication:  The vulnerability is exploitable without
credentials.

Admin privileges required:  The vulnerability is only exploitable by an
attacker with administrative privileges.



Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

    Blaklis (CVE-2020-9576, CVE-2020-9579, CVE-2020-9581, CVE-2020-9582,
             CVE-2020-9583, CVE-2020-9584)
    Flatmoon (CVE-2020-9577)
    Y0natan (CVE-2020-9578)
    Edgar Boda-Majer (CVE-2020-9580)
    Qubitz (CVE-2020-9585)
    Jitheeshvo (CVE-2020-9586)
    Magnusg (CVE-2020-9587)
    Wasin Sae-ngow (CVE-2020-9588)


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================






