Last updated on Dec 20, 2021 | Also applies to Digital Editions
Security Updates Available for Magento | APSB21-30
| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB21-30 | May 11, 2021 | 2 |
Summary
Affected Versions
| Product | Version | Platform |
|---|---|---|
| Magento Commerce | 2.4.2 and earlier versions | All |
| Magento Commerce | 2.4.1-p1 and earlier versions | All |
| Magento Commerce | 2.3.6-p1 and earlier versions | All |
| Magento Open Source | 2.4.2 and earlier versions | All |
| Magento Open Source | 2.4.1-p1 and earlier versions | All |
| Magento Open Source | 2.3.6-p1 and earlier versions | All |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.
| Product | Updated Version | Platform | Priority Rating | Release Notes |
|---|---|---|---|---|
| Magento Commerce | 2.4.2-p1 | All | 2 | |
| Magento Commerce | 2.3.7 | All | 2 | |
| Magento Open Source | 2.4.2-p1 | All | 2 | |
| Magento Open Source | 2.3.7 | All | 2 | |
Vulnerability details
Note
Pre-authentication: The vulnerability is exploitable without credentials.
Admin privileges required: The vulnerability is only exploitable by an attacker with administrative privileges.
Additional technical descriptions of the CVEs referenced in this document will be made available on MITRE and NVD sites.
Acknowledgments
Adobe would like to thank the following individuals for reporting the relevant issues and for working with Adobe to help protect our customers:
- Kien Hoang (CVE-2021-28567)
- Nuswantara Gading Alfa Putranto - Ethic Ninja (https://ethic.ninja) (CVE-2021-28566)
- Charybdis (CVE-2021-28556)
- Igor Wulff (CVE-2021-28583)
- Derp47 (CVE-2021-28584)