An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7854
Reference (s):
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23