Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Commerce
APPAdobe2.3.72.4.32.3.3 – 2.3.62.4.0 – 2.4.2< 2.3.0Adobe Magento
APPAdobe2.3.72.4.32.4.0 – 2.4.2≤ 2.3.6< 2.3.0
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- Commerce and Magento Open Source
- Added to KEVi
- February 15, 2022
- Remediation deadline (US Federal)i
- March 1, 2022(overdue)
Apply updates per vendor instructions.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
Related vulnerabilities
Adobe Commerce/Magento — przejęcie sesji przez Improper Input Validation
Krytyczna podatność XXE w Adobe Commerce umożliwiająca RCE
Adobe Commerce — Incorrect Authorization umożliwiające privilege escalation
Adobe Commerce — nieprawidłowe uwierzytelnienie umożliwiające privilege escalation
Adobe Commerce — RCE poprzez nieograniczony upload niebezpiecznych plików