Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.
Magento Open Source
2.4.3-p1 and earlier versions
2.3.7-p2 and earlier versions
Adobe Commerce 2.3.3 and lower are not affected.
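A version triage against the ranges listed above, as an added example that is not part of Adobe's bulletin. It assumes version strings of the form `X.Y.Z` or `X.Y.Z-pN`, treats patch releases of 2.3.3 as above 2.3.3 (the conservative reading), and uses a constructed inventory.

```python
import re

# Ranges as stated in the bulletin: upper bound per release line, (patch, -p level).
AFFECTED_UPPER = {(2, 4): (3, 1), (2, 3): (7, 2)}   # 2.4.3-p1 and 2.3.7-p2
NOT_AFFECTED_UPPER = (2, 3, 3, 0)                   # "2.3.3 and lower"

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?")


def parse_version(text):
    """Parse 'X.Y.Z' or 'X.Y.Z-pN' into a 4-tuple; a missing -pN counts as p0."""
    m = VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def classify(text):
    """Return 'affected', 'not-affected', 'outside-listed-ranges' or 'unparseable'."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unparseable"          # e.g. beta builds: review by hand
    if version <= NOT_AFFECTED_UPPER:
        return "not-affected"
    upper = AFFECTED_UPPER.get(version[:2])
    if upper is not None and version[2:] <= upper:
        return "affected"
    # Newer than the listed bounds, or a release line the bulletin does not name.
    return "outside-listed-ranges"


def affected_hosts(inventory):
    """Hosts whose reported version falls in a range the bulletin lists."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "shop-a.example": "2.4.3-p1",
    "shop-b.example": "2.3.7",
    "shop-c.example": "2.3.3",
    "shop-d.example": "2.4.3-p2",
    "shop-e.example": "2.4.4-beta1",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(f"{host:16} {version:12} {classify(version)}")
```

A version string does not show whether a security patch was applied without a version bump, so an "affected" result is a prompt to check the installation, not proof that it is unpatched.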
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.
|Vulnerability Category|Vulnerability Impact|Severity|Pre-authentication?|Admin privileges required?|CVSS base score|CVSS vector|Magento Bug ID|CVE number(s)|
|---|---|---|---|---|---|---|---|---|
|Improper Input Validation (CWE-20)|Arbitrary Code Execution|Critical|yes|no|9.8|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H|PRODSECBUG-3118|CVE-2022-24086|