
Adobe has alerted users of its Adobe Commerce and Magento Open Source that they face a serious vulnerability.
A security bulletin issued by the company on Sunday says: “Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.”
The firm continues, “Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.”
The affected versions are Adobe Commerce and Magento Open Source.
The solution is for users to update their installation to the newest version.
For Adobe Commerce, that would be MDVA-43395_EE_2.4.3-p1_v1. For Magento Open Source, it is MDVA-43395_EE_2.4.3-p1_v1.
Adobe continues that the vulnerability is pre-authentication, that is, “exploitable without credentials.”
It adds that the vulnerability is only exploitable by an attacker with administrative privileges.