The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Magento 1: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Magento version 1.
Vulnerable software: Magento EE, Magento CE.
Severity of this announce: 3/4.
Number of vulnerabilities in this bulletin: 20.
Creation date: 21/01/2016.
References of this computer vulnerability: CVE-2016-2212, KIS-2016-02, VIGILANCE-VUL-18781.

Description of the vulnerability

Several vulnerabilities were announced in Magento version 1.

An attacker can trigger a Cross Site Scripting in Email Address, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting in Order Comments, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting in Order, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can perform a brute force on Guest Order View, in order to escalate his privileges. [severity:2/4]

An attacker can bypass security features in RSS Feed, in order to obtain sensitive information. [severity:2/4; CVE-2016-2212, KIS-2016-02]

An attacker can trigger a Cross Site Request Forgery in Backend Login Page, in order to force the victim to perform operations. [severity:2/4]

An attacker can upload a malicious file via Backend, in order for example to upload a Trojan. [severity:3/4]

An attacker can trigger a Cross Site Request Forgery in Login, in order to force the victim to perform operations. [severity:2/4]

An attacker can use an Excel Formula injection in CSV/XML Export, in order to read or alter data. [severity:2/4]
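The export item above names the CSV/XML formula-injection class without describing a mitigation. The following is an added illustration, not part of this bulletin and not Magento's fix: a pre-export check that flags cells a spreadsheet would parse as formulas, and an export that neutralizes them. The trigger character set and the single-quote prefix are assumptions of this example; `SAMPLE_ROWS` is constructed data.

```python
import csv
import io

# Leading characters that make common spreadsheet applications treat a
# cell as a formula rather than as text (assumed set for this example).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """Return True if a spreadsheet would interpret the cell as a formula."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value):
    """Prefix formula-like string cells with a single quote so they render
    as literal text. Non-string values (numbers, None) are returned as-is,
    so genuine negative numbers are not altered."""
    if not isinstance(value, str) or not is_formula_like(value):
        return value
    return "'" + value


def find_formula_cells(rows):
    """Scan rows before export and return (row_index, column_index) for every
    string cell that would be interpreted as a formula; useful as a detection
    step over user-entered fields such as order comments."""
    return [
        (r, c)
        for r, row in enumerate(rows)
        for c, v in enumerate(row)
        if isinstance(v, str) and is_formula_like(v)
    ]


def export_rows(rows, header):
    """Build CSV text with every cell passed through neutralize_cell."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(v) for v in row])
    return buf.getvalue()


# Constructed sample of customer-entered data of the kind a store export
# contains; the third column stands in for a free-text order comment.
SAMPLE_ROWS = [
    ["Alice", "alice@example.com", "Please gift-wrap"],
    ["Bob", "bob@example.com", "=SUM(1,2)"],
    ["Carol", "carol@example.com", "-5% discount requested"],
]
```

Note that the quote prefix is visible in some viewers, so apply it only to free-text fields, and treat the detection list as an indicator that stored data should be reviewed.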

An attacker can trigger a Cross Site Scripting in Custom Options, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can bypass security features in Reviews, in order to escalate his privileges. [severity:2/4]

An attacker can trigger a fatal error in Email Delivery, in order to trigger a denial of service. [severity:2/4]

An attacker can bypass security features of a CAPTCHA, in order to escalate his privileges. [severity:2/4]

An attacker can bypass security features in Authorize.net, in order to obtain sensitive information. [severity:1/4]

An attacker can trigger a Cross Site Scripting in Translation Table, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Request Forgery in Delete Items from Cart, in order to force the victim to perform operations. [severity:2/4]

An attacker can trigger a Cross Site Scripting in Custom Options, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can use a Serialized String, in order to run code. [severity:2/4]

An attacker can trigger a Cross Site Scripting in Backend Coupon Entry, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can inject code in the database, in order to escalate his privileges. [severity:1/4]

This cybersecurity bulletin impacts software or systems such as Magento EE, Magento CE.

Our Vigil@nce team determined that the severity of this cybersecurity weakness is important.

The trust level is "confirmed by the editor", and the attack origin is "intranet client".

This bulletin is about 20 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit the vulnerabilities in this bulletin.

Solutions for this threat

Magento Community Edition: version 1.9.2.3.
The version 1.9.2.3 is fixed:
  https://www.magentocommerce.com/download > Release Archive Tab

Magento Enterprise Edition: version 1.14.2.3.
The version 1.14.2.3 is fixed:
  https://www.magentocommerce.com/products/customer/account/login/
  My Account > Downloads Tab > Magento Enterprise Edition 1.X > Magento Enterprise Edition 1.x Release > Version 1.14.2.3

Magento 1: patch SUPEE-7405 and SUPEE-7616.
Patches SUPEE-7405 and SUPEE-7616 are available:
  https://www.magentocommerce.com/download
  https://www.magentocommerce.com/products/customer/account/login/

Computer vulnerabilities tracking service

Vigil@nce provides a patch tracking service for systems vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.