Are exchanged or reciprocal links okay with Google?
Etmagnis dis parturient montes, nascetur ridiculus mus. Donec lorem ipsum dolor sit amet, et consectetuer adipiscing elit. Aenean commodo ligula eget consyect etur dolor.

Contact Info

(+888)-123-4587

121 King St, Melbourne VIC 3000, Australia

info@example.com

Folow us on social

Magento Critical Vulnerabilities Announced by Adobe

Magento Critical Vulnerabilities Announced by Adobe

Adobe announced that it has released a patch for Magento 2 to address several critical vulnerabilities. Some of the vulnerabilities could allow attackers to take over management sessions as well as provide access to customer information.

The vulnerabilities affecting the popular Magento e-commerce platform affect both open source and commercial versions.

According to the release notes from Magento Open Source:

Thirty-three security enhancements that help close vulnerabilities in remote code execution (RCE) and cross-site scripting (XSS)

No confirmed attacks related to these issues have occurred to date.

However, certain vulnerabilities could potentially be exploited to gain access to customer information or take over administrator sessions. ”

Advertising

Continue reading below

Vulnerabilities patched in Magento e-commerce platform

Adobe announced the release of Magento 2.4.3, which includes a total of 33 security enhancements.

These vulnerabilities affect both the commercial and open source versions of Magento.

Commercial Magento versions affected:

2.4.2 and earlier versions 2.4.2-p1 and earlier versions 2.3.7 and earlier versions

Affected Open Source Magento Versions:

2.4.2-p1 and earlier versions 2.3.7 and earlier versions

Advertising

Continue reading below

Critical Magento Vulnerabilities

Several of the security issues have been assessed as critical.

Of particular note is that of the sixteen security risks announced by Adobe, ten of them require no administrator or user information to exploit Magento.

The remaining six vulnerabilities require an attacker to already have administrator privileges.

Eleven of the vulnerabilities are considered critical and the rest are considered important.

Eleven critical vulnerabilities in Magento

Although not all vulnerabilities should be ignored, those considered critical are relatively particularly dangerous.

There are four types of vulnerabilities:

Execution of arbitrary code (7 vulnerabilities) Bypassing security features (2) Denial-of-service application (1) Escalation of privileges (1)

Magento random code execution

The execution of arbitrary code executions that affect Magento consists of six types of attacks.

Incorrect access control Incorrect input validation Path TraversalOS command injection Forgery on the server side (SSRF) XML injection (aka Blind XPath injection)

Examples of Magento Security Feature Bypass Exploits

There are two types of security workarounds affecting Magento that are patched in Magento version 2.4.3.

Incorrect input validation
This type of problem concerns a lack of proper validation of an input too dangerous for the software to process. This allows an attacker to make an unexpected input that could lead to arbitrary code execution. Incorrect authorization
An incorrect authorization utilization is when the software does not correctly check whether the user has rights levels, as the person making the input has the correct credentials.

Advertising

Continue reading below

A common feature of the above exploits is that they allow a hacker to access sensitive places in the software so that a hacker can execute arbitrary commands.

According to Adobe’s summary:

Magento has released updates for Adobe Commerce and Magento Open Source editions. These updates address vulnerabilities that are considered critical and important. Successful exploitation can lead to arbitrary code execution. ”

Magento update version 2.4.3

It is safe to say that updating to the latest version of Magento is recommended to consider. Adobe’s release notes indicate that there are some issues with backward compatibility.

Some of the changes are released independently and can be updated that way.

Advertising

Continue reading below

Read the full release notes from Adobe in the security bulletin.

Quotes

Adobe Security Bulletin

Magento Open Source 2.4.3 Release Notes

Adobe Commerce 2.4.3 Release Notes

Minor backward compatibility issues

Major backward compatibility issues

    Leave Your Comment

    Your email address will not be published.*