Adobe patches critical Magento security vulnerabilities

Adobe issued an out-of-band security advisory and patches for six vulnerabilities, three of them critical, in its Magento Commerce and Open Source products.

The Adobe products affected are Commerce 2.3.3, Open Source 2.3.3, Enterprise Edition 1.14.4.3 and Community Edition 1.9.4.3.

The three critical vulnerabilities are CVE-2020-3716, CVE-2020-3718 and CVE-2020-3719. The first two are, respectively, a deserialization of untrusted data flaw and a security bypass flaw, both of which can lead to arbitrary code execution. The final issue is a SQL injection that, if exploited, could lead to sensitive information disclosure.

The remaining vulnerabilities, CVE-2020-3715, CVE-2020-3758 and CVE-2020-3717, can also lead to sensitive information disclosure if exploited by an attacker. The first two are stored cross-site scripting issues and the last is a path traversal flaw.

Adobe is recommending users update to the latest version of the software.
