Adobe Security Bulletin

Security Updates Available for Magento | APSB20-41

Bulletin ID

Date Published

Priority

ASPB20-41

June 22, 2020      

2

Summary

Magento has released updates for Magento Commerce 1 and Magento Open Source 1. These updates resolve vulnerabilities rated Important and Critical .  Successful exploitation could lead to arbitrary code execution.    

Support for Magento Commerce 1.14 and Magento Open Source 1  is ending in June 2020.  This will be the final security patches available for these editions.   

Märkus.

Magento Commerce 1 is formerly known as Magento Enterprise Edition, and Magento Open Source 1 is formerly known as Magento Community Edition.

Affected Versions

Product

Version

Platform

Magento Commerce 1

1.14.4.5 and earlier versions 

All

Magento Open Source 1

1.9.4.5 and earlier versions

All

Märkus.

These vulnerabilities do not impact Magento Commerce or Magento Open Source. 

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.

Product

Version

Platform

Priority Rating

Availability

Magento Commerce 1  

SUPEE-11346

All

2

My Account > Downloads Tab > Magento Commerce 1.X > Magento Commerce 1.x > Support and Security Patches > Security Patches > Security

Magento Open Source 1    

SUPEE-11346

All

2

Magento Open Source Download Page > Release Archive Tab > Magento Open Source Patches - 1.x Section

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

Pre-authentication?

Admin privileges required?

Magento Bug ID

CVE numbers

PHP Object Injection

Arbitrary code execution

Critical

No

Yes

PRODSECBUG-2758

CVE-2020-9664

Stored cross-site scripting

Sensitive information disclosure

Important

No

Yes

PRODSECBUG-2759

CVE-2020-9665

Märkus.

Pre-authentication:  The vulnerability is exploitable without credentials.   

Admin privileges required:  The vulnerability is only exploitable by an attacker with administrative privileges.  

Acknowledgments

Adobe would like to thank Luke Rodgers for reporting these issues and for working with Adobe to help protect our customers.

 

Adobe logo

Logige oma kontole sisse