Adobe on Tuesday shipped security updates to remediate a number of critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system.
The flaws affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of the Magento Open Source edition. Of the 26 flaws addressed, 20 are rated Critical and 6 are rated Important in severity. None of the vulnerabilities fixed this month by Adobe are listed as publicly known or under active attack at the time of release.
The most concerning of the bugs are as follows:
- CVE-2021-36021, CVE-2021-36024, CVE-2021-36025, CVE-2021-36034, CVE-2021-36035, CVE-2021-36040, CVE-2021-36041, and CVE-2021-36042 (CVSS score: 9.1) – Arbitrary code execution due to improper input validation
- CVE-2021-36022 and CVE-2021-36023 (CVSS score: 9.1) – Arbitrary code execution due to OS command injection
- CVE-2021-36028 and CVE-2021-36033 (CVSS score: 9.1) – Arbitrary code execution due to XML injection
- CVE-2021-36036 (CVSS score: 9.1) – Arbitrary code execution due to improper access control
- CVE-2021-36029 (CVSS score: 9.1) – Security feature bypass
- CVE-2021-36032 (CVSS score: 8.3) – Privilege escalation
- CVE-2021-36020 (CVSS score: 8.2) – Arbitrary code execution due to XML injection
- CVE-2021-36043 (CVSS score: 8.0) – Arbitrary code execution due to server-side request forgery (SSRF)
- CVE-2021-36044 (CVSS score: 7.5) – Application denial-of-service
- CVE-2021-36030 (CVSS score: 7.5) – Security feature bypass
- CVE-2021-36031 (CVSS score: 7.2) – Arbitrary code execution due to path traversal
Successful exploitation of the aforementioned pre-authentication vulnerabilities could allow an adversary to escalate privileges and run malicious code, enabling the threat actor to seize control of a Magento website and its underlying server.
Users are strongly advised to download the appropriate patches and install them without delay to mitigate the risks associated with these flaws.
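The first thing an operator needs for the advice above is a reliable answer to "is my install in the affected range?". The following triage helper is an added example written for this page; it is not Adobe's or Magento's own code. It encodes only the version cut-offs the bulletin summary gives (2.4.2-p1 and earlier on the 2.4 branch, 2.3.7 and earlier on the 2.3 branch, everything older than 2.3). It assumes that the `-pN` suffix on Magento releases sorts after the base release (so 2.4.2 is older than 2.4.2-p1) and that `bin/magento --version` prints a string of the form `Magento CLI 2.4.2-p1`; the sample version strings at the bottom are constructed, not taken from a real host. Note the edge case the per-branch ceilings handle: a hypothetical 2.3.7-p1 is numerically below 2.4.2-p1 but is newer than the last affected 2.3 release, so it must not be flagged.

```python
"""Triage helper: is an installed Magento version in the affected range?

Added example for this page; not Adobe's or Magento's code.
Cut-offs come from the bulletin summary: 2.4.2-p1 and earlier (2.4 branch),
2.3.7 and earlier (2.3 branch), and all prior versions.
"""
import re
from typing import Tuple

# Highest release of each maintained branch that the bulletin lists as affected.
# Anything above the ceiling on that branch is not listed as affected.
# Assumption: the Commerce and Open Source cut-offs are the same, which is how
# the article states them.
AFFECTED_CEILING = {
    (2, 3): (2, 3, 7, 0),   # 2.3.7
    (2, 4): (2, 4, 2, 1),   # 2.4.2-p1
}

# Accepts "2.4.2", "2.4.2-p1" or the assumed `bin/magento --version` form
# "Magento CLI 2.4.2-p1".
VERSION_RE = re.compile(r"^(?:Magento CLI\s+)?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse a Magento version string into a sortable (major, minor, patch, p) tuple.

    The -pN security-patch suffix sorts after the base release, so
    2.4.2 < 2.4.2-p1 < 2.4.3. A missing suffix is treated as p0.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version string: {text!r}")
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def is_affected(text: str) -> bool:
    """True if the version falls in a range the bulletin lists as affected."""
    v = parse_version(text)
    branch = (v[0], v[1])
    if branch in AFFECTED_CEILING:
        # Compare within the branch so that e.g. 2.3.7-p1 (above the 2.3
        # ceiling) is not flagged merely because it is numerically < 2.4.2-p1.
        return v <= AFFECTED_CEILING[branch]
    # Branches older than 2.3: "all prior versions" are affected.
    if branch < (2, 3):
        return True
    # Newer branches are not named in the bulletin; do not flag them.
    return False


if __name__ == "__main__":
    # Constructed sample inputs, not output from a real host.
    for sample in ["Magento CLI 2.4.2-p1", "2.4.2", "2.3.7", "2.3.7-p1",
                   "2.4.3", "2.2.11"]:
        print(f"{sample:<22} affected={is_affected(sample)}")
```

Run it on the output of `bin/magento --version` (assumed format) from each store; a `True` result means the host is inside the range the bulletin describes and should be patched, while a `ValueError` means the version string needs a closer look rather than a silent pass.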