Security News > 2022 > February > Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch Released
Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.
The California-headquartered company also pointed out that the vulnerability is only exploitable by an attacker with administrative privileges.
The flaw affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions as well as 2.3.7-p2 and earlier versions.
Adobe Commerce 2.3.3 and lower are not vulnerable.
"Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the company noted in an advisory published February 13, 2022.
The findings come as e-commerce malware and vulnerability detection company Sansec disclosed last week about a Magecart attack that compromised 500 sites running the Magento 1 platform with a credit card skimmer designed to siphon sensitive payment information.
News URL
https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Patch now: Critical Nvidia bug allows container escape, complete host takeover (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-24086 | Improper Input Validation vulnerability in multiple products Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 10.0 |