Adobe has recently released a critical security update for its Adobe Commerce and Magento Open Source platforms. The purpose of this blog post is to cover the specifics of this update, the possible risks it minimizes, and actionable steps users can take to strengthen their security posture.
Understanding the Issue:
The security update, identified as APSB24-18, was released on April 9, 2024. It addresses critical vulnerabilities present in Adobe Commerce and Magento Open Source. These vulnerabilities, if exploited, could lead to arbitrary code execution.
Affected Versions:
The affected versions include various iterations of Adobe Commerce and Magento Open Source. Users of versions before the following are urged to take immediate action:
- Adobe Commerce: 2.4.7-beta3 and earlier, 2.4.6-p4 and earlier, 2.4.5-p6 and earlier, 2.4.4-p7 and earlier, and more.
- Magento Open Source: 2.4.7-beta3 and earlier, 2.4.6-p4 and earlier, 2.4.5-p6 and earlier, and 2.4.4-p7 and earlier.
Solution:
Adobe has provided updated versions for both Adobe Commerce and Magento Open Source to address these vulnerabilities. Adobe has categorized the updates with the priority ratings and users are strongly advised to update their installations to the newest versions as soon as possible. Detailed installation instructions are available on Adobe’s website.
Vulnerability Details:
The vulnerabilities encompass various categories, including Improper Input Validation (CWE-20) and Cross-site Scripting (Stored XSS). Both vulnerabilities pose the risk of arbitrary code execution.
You can find more detailed information about the security update APSB24-18 for Adobe Commerce and Magento Open Source by visiting the following link: Adobe Security Bulletin APSB24-18.