Security Alert: Critical Vulnerability in Adobe Commerce and Magento Open Source

This information can also be viewed at hxxps://cc.cybersecurity.ubc.ca/vulnerabilities/cve-2022-24086/

Summary
Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.

Affected Versions
| Product | Version | Platform |
|---|---|---|
| Adobe Commerce | 2.4.3-p1 and earlier versions | All |
| Adobe Commerce | 2.3.7-p2 and earlier versions | All |
| Magento Open Source | 2.4.3-p1 and earlier versions | All |
| Magento Open Source | 2.3.7-p2 and earlier versions | All |

Adobe Commerce 2.3.3 and lower are not affected.

Updated Versions
| Product | Version |
|---|---|
| Adobe Commerce | MDVA-43395_EE_2.4.3-p1_v1 |
| Magento Open Source | MDVA-43395_EE_2.4.3-p1_v1 |

Actions Required
This vulnerability is rated as an overall CRITICAL risk. Please apply the updates within 72 hours of receiving this notification.
For more information on this vulnerability, please refer to the links under References.
1. Locate the device or application and investigate.
2. Notify business owner(s).
3. Apply updates as required within 72 hours of receiving this notification.
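
To support step 1, the following added example (not part of the original advisory or of Adobe's tooling) triages an inventory of installs against the Affected Versions table above. The host labels and inventory rows are constructed, and anything the table does not explicitly cover is returned as "review" rather than guessed.

```python
import re

# Highest affected release per release line, from the "Affected Versions"
# table; the same ceilings are listed for both products.
AFFECTED_MAX = {(2, 4): (2, 4, 3, 1), (2, 3): (2, 3, 7, 2)}
NOT_AFFECTED_MAX = (2, 3, 3, 0)   # "Adobe Commerce 2.3.3 and lower"
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")

def parse_version(text):
    """'2.4.3-p1' -> (2, 4, 3, 1); returns None for other formats."""
    m = _VERSION.match(text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def triage(product, version_text):
    """Classify one install against the advisory's version table."""
    v = parse_version(version_text)
    if v is None or v[0] != 2:
        return "review"            # format or release line the table does not cover
    if v <= NOT_AFFECTED_MAX:
        # The page states this exclusion for Adobe Commerce only.
        return "not-affected" if product == "Adobe Commerce" else "review"
    if v[:3] == (2, 3, 3):
        return "review"            # 2.3.3-pN: not addressed on the page
    ceiling = AFFECTED_MAX.get(v[:2])
    if ceiling and v <= ceiling:
        return "affected"          # patch status still has to be checked on the host
    return "review"                # newer than any listed version

# Constructed inventory rows: (hypothetical host label, product, version).
SAMPLE_INVENTORY = [
    ("shop-a", "Adobe Commerce", "2.4.3-p1"),
    ("shop-b", "Magento Open Source", "2.3.7-p2"),
    ("shop-c", "Adobe Commerce", "2.3.3"),
    ("shop-d", "Magento Open Source", "2.3.2"),
    ("shop-e", "Adobe Commerce", "2.4.4"),
    ("shop-f", "Adobe Commerce", "2.3.7-p3"),
]

def triage_inventory(rows):
    """Return {host: status} for every row."""
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Because the update is listed as a patch identifier rather than a new release number, an "affected" result only identifies hosts to investigate; whether the patch has been applied must be confirmed on each host.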

References
[1] Adobe Security Advisory
hxxps://helpx.adobe.com/security/products/magento/apsb22-12.html

[2] Patches / Installation instructions
hxxps://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12-
