Adobe has released a critical security update (APSB24-90) to address vulnerabilities in Adobe Commerce. These vulnerabilities could allow attackers to compromise e-commerce websites, access sensitive information, or disrupt operations. Merchants and administrators are strongly urged to apply these updates immediately to secure their platforms.
Overview of the Update
This update addresses a set of vulnerabilities discovered in Adobe Commerce, a widely used e-commerce platform. Adobe is committed to ensuring the security of its customers and has worked swiftly to patch these issues.
Key details of the update:
- Severity Rating: Critical
- Impact: Successful exploitation could lead to unauthorized access, sensitive data exposure, or code execution.
- Affected Versions: Adobe Commerce and Magento Open Source powered by Commerce Services and deployed as SaaS (software as a service), versions 3.2.5 and earlier.
Vulnerability Details
The vulnerabilities addressed include:
- Cross-Site Scripting (XSS): Malicious scripts could be executed on the client side, potentially stealing session tokens or sensitive information.
- SQL Injection: Attackers could manipulate database queries, allowing access to unauthorized data.
- Remote Code Execution (RCE): Malicious actors could execute arbitrary code, compromising the underlying system.
For a complete list of vulnerabilities and their Common Vulnerabilities and Exposures (CVE) identifiers, refer to Adobe’s official security bulletin.
Recommended Actions
To protect your business and customers, take the following steps:
- Apply the Update Immediately: Download and install the security patch from the Adobe Commerce release page.
- Review Your System: Check for any signs of unauthorized access and secure sensitive information.
- Follow Best Practices: Regularly update your software, use strong access controls, and monitor your system for suspicious activity.