Insufficient Logging
CVE-2019-8123
Summary
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. The logging feature required for effective monitoring did not contain sufficient data to effectively track configuration changes.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-778 - Insufficient Logging
When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it.
Advisory Timeline
- Published