
CVE-2022-24086: What Is It?


A recently discovered critical security vulnerability, tracked as CVE-2022-24086, is being actively exploited and affects websites using Adobe Commerce and Magento Open Source.

A recently found exploit allows attacks without authentication

The exploit works through improper input validation. Input validation checks potentially dangerous inputs to ensure that they are safe for processing within the code or when communicating with other components.

When software does not validate input properly, an attacker is able to craft the input in a form not expected by the rest of the application. This leads to parts of the system receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.

On February 13, Adobe said that the vulnerability impacts Adobe Commerce and Magento Open Source and that, according to its threat data, the security flaw is being weaponized.

This vulnerability has been assigned a CVSS severity score of 9.8 out of 10, which falls in the Critical band, the highest severity rating.

Adobe released an emergency patch on Feb 13, which secures the affected Adobe Commerce and Magento Open Source versions against this exploit.

Who is at Risk?

All Adobe Commerce and Magento Open Source versions 2.4.3-p1 and earlier, and 2.3.7-p2 and earlier.
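
To find which stores need attention, the version range above can be checked across an inventory. The following is an added example, not code from Adobe or from this post; the store names and version strings are constructed, and a store flagged "in-range" should be read as "confirm the emergency patch is applied", since this page does not say whether the patch changes the reported version.

```python
import re

# Last affected release on each release line, as stated on this page:
# 2.4.3-p1 and 2.3.7-p2. Values are (patch, p_level).
LAST_AFFECTED = {(2, 4): (3, 1), (2, 3): (7, 2)}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Split '2.4.3-p1' into (2, 4, 3, 1); a missing -pN suffix counts as p0."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, p_level = match.groups()
    return int(major), int(minor), int(patch), int(p_level or 0)


def in_affected_range(text):
    """True if the version is at or below the last affected release of its line."""
    major, minor, patch, p_level = parse_version(text)
    line = (major, minor)
    if line in LAST_AFFECTED:
        return (patch, p_level) <= LAST_AFFECTED[line]
    # Lines older than 2.3 fall under "and earlier versions"; newer lines do not.
    return line < min(LAST_AFFECTED)


def triage(inventory):
    """Label each store 'in-range', 'out-of-range' or 'unparsed'."""
    labels = {}
    for store, version in inventory.items():
        try:
            labels[store] = "in-range" if in_affected_range(version) else "out-of-range"
        except ValueError:
            labels[store] = "unparsed"  # e.g. pre-release tags: review by hand
    return labels


# Constructed inventory (hypothetical store names and versions).
SAMPLE_INVENTORY = {
    "shop-a": "2.4.3-p1", "shop-b": "2.4.3-p2", "shop-c": "2.3.7-p2",
    "shop-d": "2.3.7-p3", "shop-e": "2.2.11", "shop-f": "2.4.4-beta1",
}

if __name__ == "__main__":
    # "in-range" means "confirm the emergency patch is applied", not "vulnerable".
    for store, label in triage(SAMPLE_INVENTORY).items():
        print(f"{store}: {SAMPLE_INVENTORY[store]} -> {label}")
```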


Do not hesitate to apply the security patch today.

ioVista offers expert Adobe Commerce and Open Source Magento Maintenance and Support by Magento Certified developers at reasonable rates with a quick response time. Contact us today to apply this patch.

Or click here to download the patch and apply it yourself.
