Skip to main content

Adobe Magento Multiple Vulnerabilities

Last Update Date: 4 May 2020 10:18 Release Date: 4 May 2020 3347 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

Multiple vulnerabilities were identified in Adobe Magento, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Magento Commerce 2.3.4 and earlier versions
  • Magento Commerce 2.2.11 and earlier versions*
  • Magento Open Source 2.3.4 and earlier versions
  • Magento Open Source 2.2.11 and earlier versions*
  • Magento Enterprise Edition 1.14.4.4 and earlier versions
  • Magento Community Edition 1.9.4.4 and earlier versions

 

*Note: Magento 2.2.x reached end of support on December 31, 2019.

 

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

  • Apply fixes issued by the vendor:
    Magento Commerce 2.3.4-p2
    Magento Commerce 2.3.5-p1
    Magento Open Source 2.3.4-p2
    Magento Open Source 2.3.5-p1
    Magento Enterprise Edition 1.14.4.5
    Magento Community Edition 1.9.4.5

    For detail, please refer to the link below:
    https://helpx.adobe.com/security/products/magento/apsb20-22.html
  •  


Vulnerability Identifier


Source


Related Link