Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released
2022-02-14 20:08

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.

The California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.

The flaw affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions as well as 2.3.7-p2 and earlier versions.

Adobe Commerce 2.3.3 and lower are not vulnerable.

"Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the company noted in an advisory published February 13, 2022.

The findings come as e-commerce malware and vulnerability detection company Sansec disclosed last week a Magecart attack that compromised 500 sites running the Magento 1 platform with a credit card skimmer designed to siphon sensitive payment information.


News URL

https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html

Related Vulnerability

DATE: 2022-02-16
CVE: CVE-2022-24086
VULNERABILITY TITLE: Improper Input Validation vulnerability in multiple products
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process.
network, low complexity, magento, adobe, CWE-20
RISK: critical (9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Magento 3 4 106 68 28 206