Critical Vulnerability in Adobe Commerce and Magento

Issued: Tuesday, 15 February, 2022
Last Revision: Tuesday, 15 February, 2022
Vendor: 
Severity Level: 
Summary: 

Adobe Commerce and Magento Open Source have both received security patches from Adobe. These updates fix a critical vulnerability identified as CVE-2022-24086. Successful exploitation could result in arbitrary code execution. According to Adobe, the flaw can be exploited without authentication.

 

According to the vendor, the vulnerability has been exploited in the wild in a small number of attacks aimed at Adobe Commerce merchants.

 

Adobe Commerce 2.3.3 and lower are not affected.

 

| CVE/Vulnerability | Description | Severity |
|---|---|---|
| CVE-2022-24086 | Improper Input Validation | 9.8 |

Table 1: Vulnerability details

| Affected Product(s) | Version | Platform |
|---|---|---|
| Adobe Commerce | 2.4.3-p1 and earlier versions; 2.3.7-p2 and earlier versions | All |
| Magento Open Source | 2.4.3-p1 and earlier versions; 2.3.7-p2 and earlier versions | All |

Table 2: Vulnerable versions
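
The version ranges above can be checked against a store inventory with a short script. The following is an added example, not code from Q-CERT or Adobe; the function names and sample versions are constructed, and it assumes the "2.3.3 and lower" exclusion also applies to Magento Open Source. Patch-level suffixes are ordered so that 2.4.3 < 2.4.3-p1 < 2.4.3-p2, which is the opposite of how generic semver libraries treat a hyphenated suffix.

```python
import re

# Upper bounds of the affected ranges in Table 2, per release line.
AFFECTED_MAX = {(2, 4): "2.4.3-p1", (2, 3): "2.3.7-p2"}
# The advisory states that 2.3.3 and lower are not affected
# (assumption: applied here to both products).
NOT_AFFECTED_MAX = "2.3.3"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, p_level); a bare release has p_level 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version: {text!r}")
    major, minor, patch, p_level = m.groups()
    return (int(major), int(minor), int(patch), int(p_level or 0))


def in_advisory_range(version):
    """True if the version falls in the ranges listed for CVE-2022-24086."""
    v = parse_version(version)
    if v <= parse_version(NOT_AFFECTED_MAX):
        return False
    upper = AFFECTED_MAX.get(v[:2])
    # Release lines not named in Table 2 are reported as outside the range.
    return upper is not None and v <= parse_version(upper)


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for ver in ["2.3.3", "2.3.7-p2", "2.4.3", "2.4.3-p1", "2.4.3-p2"]:
        status = "in listed range" if in_advisory_range(ver) else "outside listed range"
        print(f"{ver}: {status}")
```
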