Threat Watch

Adobe Discloses Magento Critical Zero-Day Vulnerability Under Active Exploitation

Adobe disclosed in a security advisory yesterday that its e-commerce storefront solutions, Adobe Commerce and Magento, has a critical vulnerability that can be exploited to achieve arbitrary remote code execution. The vulnerability is being tracked as CVE-2022-24086. The company announced in its security advisory that “CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.” The vulnerability was assigned a CVSS score of 9.8/10.

Affected versions are currently listed as all versions above 2.3.3 as per the security advisory:

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Adobe has released patches and updated versions for both Adobe Commerce, v 2.4.3-p1_v1, and Magento Open Source, 2.4.3-p1_v1. Due to reports of active exploitation, organizations should prioritize testing and deploying the latest updates in order to avoid an operational or customer information breach. Critical vulnerabilities should be addressed as soon as possible as once threat actors gain access to an organization’s servers, they often install backdoors, create illegitimate accounts, and deploy other persistence methods.

https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html

https://helpx.adobe.com/security/products/magento/apsb22-12.html

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support