Adobe Security Bulletin

Security updates available for Adobe Commerce | APSB21-86

Bulletin ID

Date Published

Priority

APSB21-86

October 12, 2021
      

2

Summary

Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated important. Successful exploitation could lead to security feature bypass.
      

Affected Versions

Product Version Platform
Adobe Commerce
2.4.2-p2 and earlier versions 
All
2.4.3 and earlier versions  
All
2.3.7-p1 and earlier versions  
All
Magento Open Source 
2.4.2-p2 and earlier versions  
All

2.4.3 and earlier versions       

All
2.3.7-p1 and earlier versions All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.

Product Updated Version Platform Priority Rating Release Notes
Adobe Commerce
2.4.3-p1  
All
2

2.4.x release notes

2.3.x release notes

2.3.7-p2
All
2
Magento Open Source 
2.4.3-p1  
All
2
2.3.7-p2
All 2

Vulnerability details

Vulnerability Category Vulnerability Impact Severity Pre-authentication? Admin privileges required?

CVSS base score
CVSS vector
Magento Bug ID CVE numbers

Cross-Site Request Forgery (CSRF) (CWE-352

Security feature bypass 

Important

yes

no

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N



PRODSECBUG-3029 

CVE-2021-39864 

 

 

Note:

Pre-authentication:  The vulnerability is exploitable without credentials.   

Admin privileges required:  The vulnerability is only exploitable by an attacker with administrative privileges.  

 

 


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Get help faster and easier

New user?