Summary
Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.
Affected Versions
Magento Open Source
2.4.3-p1 and earlier versions
2.3.7-p2 and earlier versions
Adobe Commerce 2.3.3 and lower are not affected.
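The affected ranges above are easy to misread because Magento version strings carry a `-pN` patch-level suffix, and the two branches (2.3.x and 2.4.x) are cut off at different points. The following is an added example, not Adobe's own tooling, that parses a Magento/Adobe Commerce version string and reports whether it falls inside the affected ranges listed on this page. It assumes the usual `MAJOR.MINOR.PATCH[-pN]` format, treats a missing `-pN` as patch level 0, and reads "2.3.3 and lower" for Adobe Commerce as any 2.3.3 or older release; the product names and function names are this example's own.

```python
import re
from typing import Tuple

# Version tuple: (major, minor, patch, patch_level); "2.4.3" parses as (2, 4, 3, 0).
Version = Tuple[int, int, int, int]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")

# Upper bounds taken from the advisory's "Affected Versions" section.
MAX_AFFECTED_24 = (2, 4, 3, 1)  # 2.4.3-p1 and earlier
MAX_AFFECTED_23 = (2, 3, 7, 2)  # 2.3.7-p2 and earlier
FIRST_24 = (2, 4, 0, 0)         # start of the 2.4 branch
# Advisory note: Adobe Commerce 2.3.3 and lower are not affected.
COMMERCE_UNAFFECTED_MAX = (2, 3, 3)  # compared on (major, minor, patch) only (assumption)

PRODUCTS = ("magento-open-source", "adobe-commerce")


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' or 'MAJOR.MINOR.PATCH-pN' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version string: {text!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel) if plevel else 0)


def is_affected(version_text: str, product: str = "magento-open-source") -> bool:
    """Return True if the given release is inside the advisory's affected ranges.

    The 2.4 branch is affected up to and including 2.4.3-p1; everything below the
    2.4 branch is affected up to and including 2.3.7-p2 (so 2.3.7-p3 is not).
    For Adobe Commerce, 2.3.3 and lower are excluded per the advisory note.
    """
    if product not in PRODUCTS:
        raise ValueError(f"unknown product: {product!r}")
    v = parse_version(version_text)

    if FIRST_24 <= v <= MAX_AFFECTED_24:
        return True
    if v < FIRST_24 and v <= MAX_AFFECTED_23:
        if product == "adobe-commerce" and v[:3] <= COMMERCE_UNAFFECTED_MAX:
            return False  # explicitly carved out by the advisory
        return True
    return False


def audit(installs):
    """Evaluate a list of (hostname, product, version) triples; returns affected ones."""
    return [(host, product, ver) for host, product, ver in installs if is_affected(ver, product)]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    inventory = [
        ("shop-a.example", "magento-open-source", "2.4.3-p1"),
        ("shop-b.example", "magento-open-source", "2.4.3-p2"),
        ("shop-c.example", "adobe-commerce", "2.3.3"),
        ("shop-d.example", "adobe-commerce", "2.3.7-p2"),
        ("shop-e.example", "adobe-commerce", "2.3.7-p3"),
    ]
    for host, product, ver in audit(inventory):
        print(f"{host}: {product} {ver} is within the affected range for CVE-2022-24086")
```

Because the comparison is done on parsed tuples rather than strings, `2.4.3-p1` correctly sorts after `2.4.3` and before `2.4.3-p2`; a plain string compare would get `2.3.7-p10` versus `2.3.7-p2` wrong.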
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | Pre-authentication? | Admin privileges required? | CVSS base score | CVSS vector | Magento Bug ID | CVE number(s)
---|---|---|---|---|---|---|---|---
Improper Input Validation (CWE-20) | Arbitrary Code Execution | Critical | yes | no | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | PRODSECBUG-3118 | CVE-2022-24086