Adobe acquired Magento over 18 months ago but, until now, had not addressed its security updates. Adobe regularly distributes bulletins and advisories for its other products, such as Creative Cloud, Photoshop, InDesign, Illustrator, XD, Experience Manager, ColdFusion, etc., and Magento has now been added to that list.

Instead of the Magento Security Center, individual security issues and updates for Magento Commerce and Open Source will now be documented in Adobe’s Security Bulletin. The latest updates, which resolve critical and important vulnerabilities, are listed below.

Affected Versions at Risk 

  • Magento Commerce 2.3.3 and earlier versions
  • Magento Open Source 2.3.3 and earlier versions
  • Magento Commerce 2.2.10 and earlier versions
  • Magento Open Source 2.2.10 and earlier versions
  • Magento Enterprise Edition 1.14.4.3 and earlier versions
  • Magento Community Edition 1.9.4.3 and earlier versions

Solution

Update your Magento installation to the latest available version. As of now, the following are the newest available Magento versions.

  • Magento Commerce 2.3.4
  • Magento Open Source 2.3.4
  • Magento Commerce 2.2.11
  • Magento Open Source 2.2.11
  • Magento Enterprise Edition 1.14.4.4
  • Magento Community Edition 1.9.4.4

These Magento releases offer functional fixes to the core product, security enhancements, platform upgrades, substantial security changes, and many other improvements.

| Vulnerability Category | Vulnerability Impact | Severity | Magento Bug ID | CVE Numbers |
|---|---|---|---|---|
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2543 | CVE-2020-3715 |
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2599 | CVE-2020-3758 |
| Deserialization of untrusted data | Arbitrary code execution | Critical | PRODSECBUG-2579 | CVE-2020-3716 |
| Path traversal | Sensitive information disclosure | Important | PRODSECBUG-2632 | CVE-2020-3717 |
| Security bypass | Arbitrary code execution | Critical | PRODSECBUG-2633 | CVE-2020-3718 |
| SQL injection | Sensitive information disclosure | Critical | PRODSECBUG-2660 | CVE-2020-3719 |
