Adobe Releases Additional Security Updates for Commerce and Magento Open Source

Exploitation in the wild found for existing vulnerability and another Critical RCE vulnerability has been added to the Adobe security advisory.

Threat ID:: CC-4042
Threat Severity:: Information only
Published:: 18 February 2022 1:19 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Exploitation in the wild found for existing vulnerability and another Critical RCE vulnerability has been added to the Adobe security advisory.

Affected platforms

The following platforms are known to be affected:

Versions: Commerce and Magento Open Source - 2.4.3-p1 and earlier versions , Commerce and Magento Open Source - 2.3.7-p2 and earlier versions  

Adobe Commerce

Also affects Magento Open Source

Threat details

Introduction

Adobe has released security updates to address vulnerabilities in multiple Adobe products. Both CVE-2022-24086 and CVE-2022-24087 are rated Critical by Adobe, each rating 9.8 on CVSSv3 scoring system. A remote, unauthenticated attacker could exploit these vulnerabilities to take control of an affected system.

Exploitation

Adobe has reported that there has been exploitation in the wild for the vulnerability known as CVE-2022-24086.

Remediation advice

Affected organisations are encouraged to review the following Adobe security bulletin and apply relevant updates.

Remediation steps

Type	Step
Patch	Adobe Commerce \| APSB22-12 (Also affecting Magento Open Source) https://helpx.adobe.com/security/products/magento/apsb22-12.html

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2022-24086

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

Status Reserved

CVE-2022-24087

Last edited: 18 February 2022 1:23 pm