This information can also be viewed at hxxps://cc.cybersecurity.ubc.ca/vulnerabilities/cve-2022-24086/
Summary
Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.
Affected Versions
Product | Version | Platform
Adobe Commerce | 2.4.3-p1 and earlier versions | All
Adobe Commerce | 2.3.7-p2 and earlier versions | All
Magento Open Source | 2.4.3-p1 and earlier versions | All
Magento Open Source | 2.3.7-p2 and earlier versions | All
Adobe Commerce 2.3.3 and lower are not affected.
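The affected-version table above is easy to misread by hand because Magento version strings carry a "-pN" security-patch suffix that plain string comparison gets wrong (for example "2.4.3-p1" sorts after "2.4.3" but before "2.4.3-p2"). The script below is an added example, not part of this UBC notice or of Adobe's advisory: it parses a Magento version string, compares it against the two affected branches stated above (2.3.4 through 2.3.7-p2, and 2.4.0 through 2.4.3-p1, with 2.3.3 and lower unaffected), and extracts the version from a line of `bin/magento --version` output. The sample CLI line is constructed, and the assumption that the CLI prints the version in "major.minor.patch[-pN]" form is mine, not something the advisory states.

```python
import re
from typing import Tuple

Version = Tuple[int, int, int, int]  # (major, minor, patch, p-level)

# Affected ranges taken from the advisory table, inclusive at both ends.
# A release without a "-pN" suffix is treated as p-level 0, so "2.4.3"
# sorts before "2.4.3-p1". The 2.3 branch starts at 2.3.4 because the
# advisory states that 2.3.3 and lower are not affected.
AFFECTED_RANGES = (
    ((2, 3, 4, 0), (2, 3, 7, 2)),  # 2.3.4 .. 2.3.7-p2
    ((2, 4, 0, 0), (2, 4, 3, 1)),  # 2.4.0 .. 2.4.3-p1
)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' with an optional '-pN' suffix into a sortable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version string: {text!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_affected(text: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges.

    A version outside both branches (e.g. 2.5.0) returns False because the
    advisory does not list it; that is 'not listed', not a guarantee of safety.
    """
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def version_from_cli_output(line: str) -> str:
    """Pull the version token out of a line such as 'Magento CLI 2.4.3-p1'.

    Assumption (not from the advisory): `bin/magento --version` prints the
    version in major.minor.patch[-pN] form somewhere on the line.
    """
    m = re.search(r"\d+\.\d+\.\d+(?:-p\d+)?", line)
    if not m:
        raise ValueError(f"no Magento version found in: {line!r}")
    return m.group(0)


if __name__ == "__main__":
    # Constructed sample of CLI output, used only to exercise the parser.
    sample_cli_line = "Magento CLI 2.4.3-p1"
    installed = version_from_cli_output(sample_cli_line)
    verdict = "AFFECTED - apply APSB22-12 patch" if is_affected(installed) else "not listed as affected"
    print(f"{installed}: {verdict}")
```

Run it against the real output of `bin/magento --version` on each store host; any result of "AFFECTED" is a host that needs the MDVA-43395 patch applied within the 72-hour window stated below.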
Updated Versions
Product | Version
Adobe Commerce | MDVA-43395_EE_2.4.3-p1_v1
Magento Open Source | MDVA-43395_EE_2.4.3-p1_v1
Actions Required
This vulnerability is rated as an overall CRITICAL risk. Please apply the updates within 72 hours of receiving this notification.
For more information on this vulnerability, please refer to the links in the References section below.
1. Locate the device or application and investigate.
2. Notify business owner(s).
3. Apply updates as required within 72 hours of receiving this notification.
References
[1] Adobe Security Advisory
hxxps://helpx.adobe.com/security/products/magento/apsb22-12.html
[2] Patches / Installation instructions
hxxps://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12-