CVE-2022-24087 is another critical vulnerability that Adobe had to address quickly, following the disclosure of CVE-2022-24086.
CVE-2022-24087: New Critical Adobe Bug
CVE-2022-24086 is a critical, zero-day security vulnerability that affected Adobe’s Commerce and Magento Open Source products. The vulnerability, which has a CVSS score of 9.8 out of 10, was reported to be actively exploited in the wild in limited attacks. The new flaw, CVE-2022-24087, has the same severity level.
According to the official advisory, CVE-2022-24086 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants. However, there’s no knowledge of active exploits targeting the new CVE-2022-24087 flaw.
Nonetheless, it should be noted that threat actors can abuse both vulnerabilities to perform unauthenticated, remote code execution attacks. Both flaws impact Adobe Commerce and Magento Open Source 2.3.3-p1 – 2.3.7-p2, and 2.4.0 – 2.4.3-p1. Fortunately, versions 2.3.0 to 2.3.3 aren’t affected by the bugs.
The company has thanked the researchers Eboda and Blaklis for reporting the new issue. Affected customers can refer to the official update advisory.
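The version ranges above have an edge that is easy to get wrong in an inventory check: 2.3.3 is not affected but 2.3.3-p1 is, so a `-pN` suffix has to sort after the base release, not before it as a semver pre-release tag would. The following is an added example, not code from Adobe or from this article; the function names and the sample inventory are constructed for illustration.

```python
import re

# Affected ranges as stated in the article (inclusive on both ends).
AFFECTED_RANGES = [("2.3.3-p1", "2.3.7-p2"), ("2.4.0", "2.4.3-p1")]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Turn '2.3.7-p2' into (2, 3, 7, 2); a missing -pN suffix counts as p0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, sec = m.groups()
    return (int(major), int(minor), int(patch), int(sec or 0))


def is_affected(version):
    """True if the version falls inside one of the article's affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map host -> 'affected' / 'not in affected range' / 'unknown version'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = ("affected" if is_affected(version)
                            else "not in affected range")
        except ValueError:
            # Anything that is not X.Y.Z or X.Y.Z-pN needs a manual look.
            result[host] = "unknown version"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "shop-a.example": "2.3.3",
    "shop-b.example": "2.3.3-p1",
    "shop-c.example": "2.4.3-p1",
    "shop-d.example": "2.4.3-p2",
    "shop-e.example": "2.4-develop",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:16} {SAMPLE_INVENTORY[host]:12} {status}")
```

The check looks only at the reported version string, so it cannot tell whether the update from the vendor's advisory has already been applied to a host inside an affected range.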