
Adobe warns of second critical security hole in Adobe Commerce, Magento
2022-02-18 19:20

Adobe has put out a warning about another critical security bug affecting its Magento/Adobe Commerce product - and IT pros need to install a second patch after an initial update earlier this week failed to fully plug the first one.

It's tracked as CVE-2022-24087 and - like the earlier vuln, CVE-2022-24086 - impacts both Magento Open Source and Adobe Commerce.

In the updated advisory, Adobe also widened the list of affected versions for CVE-2022-24086, which is being used in "Limited attacks targeting Adobe Commerce merchants," according to the company.

In the update, Adobe warned that: "To resolve the vulnerability, you must apply two patches: MDVA-43395 patch first, and then MDVA-43443 on top of it."

We have reproduced the fresh CVE-2022-24086 Improper Input Validation vulnerability in Magento Open Source and Adobe Commerce.

Magento is a very widely used open-source ecommerce platform that was bought out by Adobe in 2018.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/18/adobe_magento_patch/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 105 47 824 1650 622 3143
Magento 3 4 103 65 27 199