Select Page

Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.

Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring system and has been characterized as an “improper input validation” issue that could be weaponized to achieve arbitrary code execution.

It’s also a pre-authenticated flaw, meaning it could be exploited without requiring any credentials. Additionally, the California-headquartered company pointed out that the vulnerability can be exploited by an attacker with non-administrative privileges.

The flaw affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions as well as 2.3.7-p2 and earlier versions. Adobe Commerce 2.3.3 and lower are not vulnerable.

images from Hacker News