Adobe Security Bulletin

Last updated on 21 April 2022

Security update available for Adobe Commerce | APSB22-13 

Bulletin ID	Date Published	Priority
APSB22-13	April 12, 2022	3

Summary

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves a critical vulnerability.  Successful exploitation could lead to arbitrary code execution.

Affected Versions

Product	Version	Platform
Adobe Commerce	2.4.3-p1 and earlier versions	All
Adobe Commerce	2.3.7-p2 and earlier versions	All
Magento Open Source	2.4.3-p1 and earlier versions	All
Magento Open Source	2.3.7-p2 and earlier versions	All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.

Product	Updated Version	Platform	Priority Rating	Installation Instructions
Adobe Commerce	2.3.7-p3, 2.4.3-p2, 2.4.4	All	1	2.4.x release notes 2.3.x release notes
Magento Open Source	2.3.7-p3, 2.4.3-p2, 2.4.4	All	1

Product

Updated Version

Platform

Priority Rating

Installation Instructions

Adobe Commerce

2.3.7-p3, 2.4.3-p2, 2.4.4

All

2.4.x release notes

2.3.x release notes

Magento Open Source

2.3.7-p3, 2.4.3-p2, 2.4.4

All

Vulnerability Details

Vulnerability Category	Vulnerability Impact	Severity	Authentication required to exploit?	Exploit requires admin privileges?	CVSS base score	CVSS vector	Magento Bug ID	CVE number(s)
Improper Input Validation (CWE-20)	Arbitrary code execution	Critical	Yes	Yes	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	PRODSECBUG-3137	CVE-2022-24093

Acknowledgements

Adobe would like to thank the following researchers for reporting this issue and working with Adobe to help protect our customers:

Blaklis and Eboda - CVE-2022-24093

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Adobe

Get help faster and easier

New user?