Adobe has alerted users of its Adobe Commerce and Magento Open Source platforms that they face a serious vulnerability.
A security bulletin issued by the company on Sunday says: “Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.”
The firm continues, “Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.”
The affected versions are Adobe Commerce and Magento Open Source.
The solution is for users to update their installation to the newest version.
For Adobe Commerce, that would be MDVA-43395_EE_2.4.3-p1_v1. For Magento Open Source, it is MDVA-43395_EE_2.4.3-p1_v1.
Adobe continues that the vulnerability is pre-authentication, that is, “exploitable without credentials.”
It adds that the vulnerability is only exploitable by an attacker with administrative privileges.