
Latest Magento Security Updates Via Adobe Security Bulletin

Adobe acquired Magento over 18 months ago but had yet to address its security updates, until now. Adobe regularly distributes bulletins and advisories for its other products, such as Creative Cloud, Photoshop, InDesign, Illustrator, XD, Experience Manager, and ColdFusion, and Magento has now been added to that list.

Instead of the Magento Security Center, individual security issues & updates for Magento Commerce and Open Source will now be documented in Adobe’s Security Bulletin. Check out the latest updates that resolve critical and important vulnerabilities, below. 

Affected Versions at Risk 

  • Magento Commerce 2.3.3 and earlier versions
  • Magento Open Source 2.3.3 and earlier versions
  • Magento Commerce 2.2.10 and earlier versions
  • Magento Open Source 2.2.10 and earlier versions
  • Magento Enterprise Edition 1.14.4.3 and earlier versions
  • Magento Community Edition 1.9.4.3 and earlier versions

Solution

Update your Magento installation to the latest available version. As of now, the following are the newest available Magento versions.

  • Magento Commerce 2.3.4
  • Magento Open Source 2.3.4
  • Magento Commerce 2.2.11
  • Magento Open Source 2.2.11
  • Magento Enterprise Edition 1.14.4.4
  • Magento Community Edition 1.9.4.4

These Magento releases offer functional fixes to the core product, security enhancements, platform upgrades, substantial security changes, and many other improvements.

Vulnerability Category             Vulnerability Impact              Severity   Magento Bug ID   CVE Numbers
Stored cross-site scripting        Sensitive information disclosure  Important  PRODSECBUG-2543  CVE-2020-3715
Stored cross-site scripting        Sensitive information disclosure  Important  PRODSECBUG-2599  CVE-2020-3758
Deserialization of untrusted data  Arbitrary code execution          Critical   PRODSECBUG-2579  CVE-2020-3716
Path traversal                     Sensitive information disclosure  Important  PRODSECBUG-2632  CVE-2020-3717
Security bypass                    Arbitrary code execution          Critical   PRODSECBUG-2633  CVE-2020-3718
SQL injection                      Sensitive information disclosure  Critical   PRODSECBUG-2660  CVE-2020-3719
