Home > Cyber News > CVE-2022-24086: Zero-Day in Adobe Commerce and Magento Platforms
CYBER NEWS

CVE-2022-24086: Zero-Day in Adobe Commerce and Magento Platforms

CVE-2022-24086: Zero-Day in Adobe Commerce and Magento Platforms
CVE-2022-24086 is a critical, zero-day security vulnerability affecting Adobe’s Commerce and Magento open-source products.

The vulnerability, which has a CVSS score of 9.8 out of 10, is actively exploited in the wild in limited attacks. Fortunately, a patch is already available and should be applied immediately to avoid remote code execution attacks.

More about CVE-2022-24086

Adobe just released a security update to fix a zero-day flaw in its Commerce and Magento Open Source platforms. The flaw itself is caused by improper input validation, and could cause remote code execution. In case of a successful exploit based on CVE-2022-24086, threat actors could execute remote commands on affected hosts.

The zero-day issue affects versions 2.4.3-p1 and earlier, as well as 2.3.7-p2 and earlier of the Adobe Commerce and Magento Open Source platforms.

Administrators of the affected products should install the latest security updates as soon as possible.

Related: Vulnerable Magento Extensions Exploited to Plant Skimmers

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...