CVE-2022-24087 is another critical vulnerability that Adobe had to address quickly, following the disclosure of CVE-2022-24086.
CVE-2022-24087: New Critical Adobe Bug
CVE-2022-24086 is a critical, zero-day security vulnerability that affected Adobe’s Commerce and Magento open-source products. The vulnerability, which has a CVSS score of 9.8 out of 10, was reported to be actively exploited in the wild in limited attacks. The new flaw, CVE-2022-24086, has the same severity level.
According to the official advisory, CVE-2022-24086 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants. However, there’s no knowledge of active exploits targeting the new CVE-2022-24087 flaw.
Nonetheless, it should be noted that threat actors can abuse both vulnerabilities to perform unauthenticated, remote code execution attacks. Both flaws impact Adobe Commerce and Magento Open Source 2.3.3-p1 – 2.3.7-p2, and 2.4.0 – 2.4.3-p1. Fortunately, versions 2.3.0 to 2.3.3 aren’t affected by the bugs.
The company has thanked the Eboda & Blaklis researchers for reporting the new issue. Affected customers can refer to the official update advisory.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: