Adobe warns of second critical security hole in Adobe Commerce, Magento
2022-02-18 19:20

Adobe has put out a warning about another critical security bug affecting its Magento/Adobe Commerce product - and IT pros need to install a second patch after an initial update earlier this week failed to fully plug the first one.

It's tracked as CVE-2022-24087 and - like the earlier vuln, CVE-2022-24086 - impacts both Magento Open Source and Adobe Commerce.

In the updated advisory, Adobe also widened the list of affected versions for CVE-2022-24086, which is being used in "Limited attacks targeting Adobe Commerce merchants," according to the company.

In the update, Adobe warned that: "To resolve the vulnerability, you must apply two patches: MDVA-43395 patch first, and then MDVA-43443 on top of it."

We have reproduced the fresh CVE-2022-24086 Improper Input Validation vulnerability in Magento Open Source and Adobe Commerce.

Magento is a very widely used open-source ecommerce platform that was bought out by Adobe in 2018.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/18/adobe_magento_patch/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-24086 | Improper Input Validation vulnerability in multiple products. Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. network, low complexity, magento adobe, CWE-20 | critical 9.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 112 77 1333 1988 640 4038
Magento 3 4 106 68 28 206