Security News > 2022 > February > Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released
Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.
The California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.
The flaw affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions as well as 2.3.7-p2 and earlier versions.
Adobe Commerce 2.3.3 and lower are not vulnerable.
"Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the company noted in an advisory published February 13, 2022.
The findings come as e-commerce malware and vulnerability detection company Sansec disclosed last week about a Magecart attack that compromised 500 sites running the Magento 1 platform with a credit card skimmer designed to siphon sensitive payment information.
News URL
https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html
Related news
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-24086 | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 0.0 |