Adobe Commerce and Magento Open Source has a security update available


    This guide will be noteworthy because it will cover the Adobe Commerce APSB22-12 security updates released on 13th February 2022.

    Important Note: Users and administrators should examine Adobe Security Bulletin APSB22-12 and apply the necessary patches, according to CISA. These patches address a critical vulnerability. Successful exploitation could result in the execution of arbitrary code. According to Adobe, CVE-2022-24086 has been attacked in the wild in extremely restricted attacks targeting Adobe Commerce users.

    A) Let us find the affected versions and solutions for Adobe Commerce:
    1) Affected versions:
    2.4.3-p1 and earlier versions and 2.3.7-p2 and earlier versions on all platforms.
    Solution: Updated version is MDVA-43395_EE_2.4.3-p1_v1 on all platforms with 1 priority rating.

    B) Let us find the affected versions and solutions for Magento Open Source:
    2) Affected versions:
    2.4.3-p1 and earlier versions and 2.3.7-p2 and earlier versions on all platforms.
    Solution: Updated version is MDVA-43395_EE_2.4.3-p1_v1 on all platforms with 1 priority rating.

    Now, let us see the details of the vulnerability:
    1. Category: Improper Input Validation (CWE-20)
    2. Impact: Arbitrary Code Execution
    3. Intensity: Critical
    4. Authentication required to exploit? Not required
    5. Exploit requires admin privileges? Not required
    6. Score of CVSS base: 9.8
    7. CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    8. Magento Bug ID: PRODSECBUG-3118
    9. CVE number(s): CVE-2022-24086

    We hope you found this guide beneficial. Visit https://helpx.adobe.com/security.html for additional details. Please contact our 24x7 support team at any stage should you require any assistance.
    eUKhost Ltd.
    Part of the Hyperslice Group

    Phone: 0800 862 0380
    Website: www.eukhost.com
    Follow eUKhost on Twitter || Join eUKhost Community on Facebook
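
The affected-version ranges listed in the post above, turned into a check over a store inventory. This is an added example, not code from the post or from Adobe; the inventory rows, store names and the way applied patches are recorded are assumptions, and the ranges are applied exactly as the post words them.

```python
import re

# Upper bounds of the affected ranges, as worded in the post above.
UPPER_2_4 = "2.4.3-p1"
UPPER_OLDER = "2.3.7-p2"   # "2.3.7-p2 and earlier versions"
PATCH_ID = "MDVA-43395"    # patch named in the post

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")

def parse_version(text):
    """'2.4.3-p1' -> (2, 4, 3, 1); a release without -pN is patch level 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(version):
    """True if the version falls in a range the post lists as affected."""
    v = parse_version(version)
    upper = UPPER_2_4 if v[:2] == (2, 4) else UPPER_OLDER
    return v <= parse_version(upper)

def triage(inventory):
    """Map each store to a status; inventory rows are (store, version, patches)."""
    report = {}
    for store, version, patches in inventory:
        try:
            affected = in_affected_range(version)
        except ValueError:
            report[store] = "unknown-version"   # check by hand, do not assume safe
            continue
        if not affected:
            report[store] = "not-in-range"
        elif any(p.startswith(PATCH_ID) for p in patches):
            report[store] = "patch-recorded"
        else:
            report[store] = "needs-patch"
    return report

# Constructed sample inventory (hypothetical stores, not real data).
SAMPLE = [
    ("shop-a", "2.4.3-p1", []),
    ("shop-b", "2.3.7-p2", ["MDVA-43395_EE_2.4.3-p1_v1"]),
    ("shop-c", "2.4.4", []),
    ("shop-d", "2.3.7-p3", []),
    ("shop-e", "2.2.11", []),
    ("shop-f", "2.4-develop", []),
]

if __name__ == "__main__":
    for store, status in triage(SAMPLE).items():
        print(f"{store}: {status}")
```

A version number alone cannot show whether the patch was applied, because applying it does not change the reported version; that is why the patch list is tracked separately here.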

    #2
    Adobe has now warned of second critical security hole

    The new vulnerability has a severity rating of 9.8, which is the same as its predecessor. Adobe said it is aware that CVE-2022-24086 has been exploited in very limited attacks targeting Adobe Commerce merchants.

    Read more at: https://helpx.adobe.com/security/pro...apsb22-12.html
