Skip to main content

Insufficient Logging

CVE-2019-8123

Severity Medium
Score 5.3/10

Summary

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. The logging feature required for effective monitoring did not contain sufficient data to effectively track configuration changes.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-778 - Insufficient Logging

When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it.

Advisory Timeline

  • Published