Adobe acquired Magento over 18 months ago and has yet to address its security updates, until now. Adobe regularly distributes bulletins and advisories for it’s other products such as Creative Cloud, Photoshop, InDesign, Illustrator, XD, Experience Manager, ColdFusion, etc, and Magento has now been added to that list.
Instead of the Magento Security Center, individual security issues & updates for Magento Commerce and Open Source will now be documented in Adobe’s Security Bulletin. Check out the latest updates that resolve critical and important vulnerabilities, below.
Affected Versions at Risk
- Magento Commerce 2.3.3 and earlier versions
- Magento Open Source 2.3.3 and earlier versions
- Magento Commerce 2.2.10 and earlier versions
- Magento Open Source 2.2.10 and earlier versions
- Magento Enterprise Edition 1.14.4.3 and earlier versions
- Magento Community Edition 1.9.4.3 and earlier versions
Solution
Update your Magento installation to the latest available version. As of now, the following are the newest available Magento versions.
- Magento Commerce 2.3.4
- Magento Open Source 2.3.4
- Magento Commerce 2.2.11
- Magento Open Source 2.2.11
- Magento Enterprise Edition 1.14.4.4
- Magento Community Edition 1.9.4.4
These Magento releases offer functional fixes to the core product, security enhancements, platform upgrades, substantial security changes, and many other improvements.
| Vulnerability Category | Vulnerability Impact | Severity | Magento Bug ID | CVE Numbers |
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2543 | CVE-2020-3715 |
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2599 | CVE-2020-3758 |
| Deserialization of untrusted data | Arbitrary code execution | Critical | PRODSECBUG-2579 | CVE-2020-3716 |
| Path traversal | Sensitive information disclosure | Important | PRODSECBUG-2632 | CVE-2020-3717 |
| Security bypass | Arbitrary code execution | Critical | PRODSECBUG-2633 | CVE-2020-3718 |
| SQL injection | Sensitive information disclosure | Critical | PRODSECBUG-2660 | CVE-2020-3719 |
Would you like to learn more?
Call us on 0117 2077504 or complete the form below to discuss your project or requirements.
