Adobe released patches on Sunday to address a critical security vulnerability affecting its Commerce and Magento Open Source products, which it claims is being actively exploited in the wild.

The flaw, identified as CVE-2022-24086, has a CVSS score of 9.8 out of 10 and has been described as an “improper input validation” issue that could be weaponized to achieve arbitrary code execution.

It’s also a pre-authenticated flaw, which means it can be exploited without any credentials. However, the California-based company also stated that the vulnerability can only be exploited by an attacker with administrative privileges.

Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions, as well as 2.3.7-p2 and earlier versions, are affected by the flaw. Adobe Commerce 2.3.3 and earlier are not at risk.

The organisation said, “Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.”

Finally, the researchers reported that the findings follow last week’s disclosure by Sansec, an e-commerce malware and vulnerability detection company, of a Magecart attack that compromised 500 sites running the Magento 1 platform with a credit card skimmer designed to syphon sensitive payment information.
