
VULNERABILITY UPDATE: Adobe Magento Vulnerability Scores a 9.8 out of 10

  • February 14, 2022

Oh good, a 9.8-score vulnerability on a Sunday! Our own top researcher, @Peter-Automox, has full details on the AX blog: “On Sunday, Adobe released out-of-band updates to patch a critical vulnerability in Adobe Commerce and Magento Open Source. CVE-2022-24086 is an improper input validation flaw that allows an attacker to execute arbitrary code without credentials or administrative privileges.

We recommend prioritizing patching as soon as possible (today, ideally), since exploits are being seen in the wild and Magento has previously been a target for attackers. The patch from Adobe is available here for download.

If you’re running Adobe Magento or Commerce 2.4.3p1 and earlier, or 2.3.7-p2 and earlier, you are vulnerable to attack. Versions 2.3.3 and lower are not affected, though eCommerce security firm Sansec recommends manually implementing the patch anyways.”

As always, head over to the blog to read Peter’s full post... but patch Magento first.
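To triage a fleet against the version ranges quoted above, here is an added example (not code from Adobe, Automox or the original post) that reads a `composer.lock` and classifies the pinned Magento release. It assumes the release is pinned by the `magento/product-community-edition` or `magento/product-enterprise-edition` Composer package; the function names and the sample lock file are constructed for illustration.

```python
import json
import re

# Ranges as stated in the post: 2.3.3 and lower not affected; up to 2.3.7-p2
# and up to 2.4.3-p1 affected. Tuples are (major, minor, patch, pN).
LAST_UNAFFECTED = (2, 3, 3, 0)
LAST_AFFECTED_23 = (2, 3, 7, 2)
LAST_AFFECTED_24 = (2, 4, 3, 1)
# Assumption: the Composer metapackages that pin the installed release.
PRODUCT_PACKAGES = ("magento/product-community-edition",
                    "magento/product-enterprise-edition")
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-?p(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, p), or None for strings we cannot rank."""
    m = _VERSION.match(text.strip())
    if not m:
        return None  # beta/dev builds and the like: do not guess
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(version_text):
    """Place a version string relative to the ranges quoted in the post."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v <= LAST_UNAFFECTED:
        return "not-affected"
    if v <= LAST_AFFECTED_23 or (2, 4, 0, 0) <= v <= LAST_AFFECTED_24:
        return "affected-range"
    return "later-release"


def audit_lockfile(lock_text):
    """Map each Magento product package in a composer.lock to a status."""
    packages = json.loads(lock_text).get("packages", [])
    return {p["name"]: classify(p.get("version", ""))
            for p in packages if p.get("name") in PRODUCT_PACKAGES}


# Constructed sample lock file, not taken from a real store.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/product-community-edition", "version": "2.4.3-p1"},
    {"name": "monolog/monolog", "version": "2.3.5"},
]})

if __name__ == "__main__":
    print(audit_lockfile(SAMPLE_LOCK))
```

The result reflects the version string only: a store in the affected range that has had Adobe's patch applied by hand still reports `affected-range`, so confirm patch status separately.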
