Adobe Security Bulletin

Security update available for Adobe Commerce | APSB22-13 

Bulletin ID

Date Published

Priority

APSB22-13

April 12, 2022
      

3

Summary

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves a critical vulnerability.  Successful exploitation could lead to arbitrary code execution.

Affected Versions

Product Version Platform
 Adobe Commerce 2.4.3-p1 and earlier versions  
All
2.3.7-p2 and earlier versions  
All
Magento Open Source

2.4.3-p1 and earlier versions       

All
2.3.7-p2 and earlier versions All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.

Product Updated Version Platform Priority Rating Installation Instructions
Adobe Commerce
2.3.7-p3, 2.4.3-p2, 2.4.4
All
1

2.4.x release notes

2.3.x release notes

Magento Open Source 
2.3.7-p3, 2.4.3-p2, 2.4.4
All
1

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity Authentication required to exploit? Exploit requires admin privileges?
CVSS base score
CVSS vector
Magento Bug ID CVE number(s)
Improper Input Validation (CWE-20)
Arbitrary code execution
Critical Yes Yes 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PRODSECBUG-3137
CVE-2022-24093

 

Acknowledgements

Adobe would like to thank the following researchers for reporting this issue and working with Adobe to help protect our customers:

  • Blaklis and Eboda - CVE-2022-24093

 


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Get help faster and easier

New user?