Adobe Security Bulletin
Security update available for Adobe Commerce | APSB22-13
April 12, 2022
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution.
|Adobe Commerce|2.4.3-p1 and earlier versions||
|Adobe Commerce|2.3.7-p2 and earlier versions||
|Magento Open Source|2.4.3-p1 and earlier versions||
|Magento Open Source|2.3.7-p2 and earlier versions|All|
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.
|Vulnerability Category|Vulnerability Impact|Severity|Authentication required to exploit?|Exploit requires admin privileges?|CVSS base score|Magento Bug ID|CVE number(s)|
|Improper Input Validation (CWE-20)|Arbitrary code execution|
Adobe would like to thank the following researchers for reporting this issue and working with Adobe to help protect our customers:
- Blaklis and Eboda - CVE-2022-24093
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.