Security News > 2022 > February > Adobe warns of second critical security hole in Adobe Commerce, Magento
Adobe has put out a warning about another critical security bug affecting its Magento/Adobe Commerce product - and IT pros need to install a second patch after an initial update earlier this week failed to fully plug the first one.
It's tracked as CVE-2022-24087 and - like the earlier vuln, CVE-2022-24086 - impacts both Magento Open Source and Adobe Commerce.
In the updated advisory, Adobe also widened the list of affected versions for CVE-2022-24086, which is being used in "Limited attacks targeting Adobe Commerce merchants," according to the company.
In the update, Adobe warned that: "To resolve the vulnerability, you must apply two patches: MDVA-43395 patch first, and then MDVA-43443 on top of it."
We have reproduced the fresh CVE-2022-24086 Improper Input Validation vulnerability in Magento Open Source and Adobe Commerce.
Magento is a very widely used open-source ecommerce platform that was bought out by Adobe in 2018.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/18/adobe_magento_patch/
Related news
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Major security audit of critical FreeBSD components now available (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2022-24086 | Improper Input Validation vulnerability in multiple products Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 9.8 |