Security News > 2022 > February > Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released
Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.
The California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.
The flaw affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions as well as 2.3.7-p2 and earlier versions.
Adobe Commerce 2.3.3 and lower are not vulnerable.
"Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the company noted in an advisory published February 13, 2022.
The findings come as e-commerce malware and vulnerability detection company Sansec disclosed last week about a Magecart attack that compromised 500 sites running the Magento 1 platform with a credit card skimmer designed to siphon sensitive payment information.
News URL
https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-24086 | Improper Input Validation vulnerability in multiple products Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 9.8 |