Is your store secure?
Well, Adobe Commerce and Magento Open Source store owners need not worry anymore about the security of their stores.
Adobe published the security update APSB22-13 for Adobe Commerce on 12th April, 2022.
Adobe published the security update APSB22-12 for Adobe Commerce on 13th February, 2022.
These security patches are available for all the latest versions of Adobe Commerce and Magento Open Source. Let’s find out more about the security update for Adobe Commerce and why it is crucial to apply it.
What is the APSB22-12 Security Update for?
The security update released by Adobe is available for Adobe Commerce and Magento Open Source. It resolves vulnerabilities that are rated critical. Successful exploitation could lead to arbitrary code execution.
Adobe mentions, “Adobe is aware that CVE-2022-24086 has been used in very limited attacks targeting Adobe Commerce merchants. Adobe is not aware of any exploits in the wild for the issue addressed in this update (CVE-2022-24087).”
APSB22-12: Security update available for Adobe Commerce
APSB22-13: Security update available for Adobe Commerce
Versions that need Security Patch
The affected versions of Adobe Commerce are:
- Adobe Commerce 2.4.3-p1 and previous versions
- Adobe Commerce 2.3.7-p2 and previous versions
Note: Adobe Commerce versions 2.3.0 to 2.3.3 are unaffected.
The affected versions of Magento Open Source are:
- Magento Open Source 2.4.3-p1 and previous versions
- Magento Open Source 2.3.7-p2 and previous versions
Note: Magento Open Source versions 2.3.0 to 2.3.3 are unaffected.
Solution to resolve the RCE vulnerability
To resolve the vulnerability, you need to apply two patches, in this order:
- First, apply MDVA-43395
- Then, apply MDVA-43443 on top of it
Based on your current Adobe Commerce or Magento Open Source version, apply patches from the following updates:
|Version|Composer patch files|Non-Composer patch files|
|---|---|---|
|Adobe Commerce and Magento Open Source 2.4.3 – 2.4.3-p1|MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch.zip|MDVA-43395_EE_2.4.3-p1_v1.patch.zip and MDVA-43443_EE_2.4.3-p1_v1.patch.zip|
|Adobe Commerce and Magento Open Source 2.3.4-p2 – 2.4.2-p2|MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.4.2-p2_COMPOSER_v1.patch.zip|MDVA-43395_EE_2.4.3-p1_v1.patch.zip and MDVA-43443_EE_2.4.2-p2_v1.patch.zip|
|Adobe Commerce and Magento Open Source 2.3.3-p1 – 2.3.4|MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.3.4_COMPOSER_v1.patch.zip|MDVA-43395_EE_2.4.3-p1_v1.patch.zip and MDVA-43443_EE_2.3.4_v1.patch.zip|
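The version-to-patch selection above, as an added example (not Adobe's or this page's code): a Python helper that parses a version string such as 2.4.3-p1 and returns the two archives in the order they must be applied. The function names are hypothetical and it assumes a -pN release sorts after its base release; versions outside the table raise an error instead of being treated as safe.

```python
import re

# Rows transcribed from the table above: (lowest version, highest version,
# build named in the MDVA-43443 file). MDVA-43395 uses the 2.4.3-p1 build in every row.
ROWS = [
    ("2.4.3", "2.4.3-p1", "2.4.3-p1"),
    ("2.3.4-p2", "2.4.2-p2", "2.4.2-p2"),
    ("2.3.3-p1", "2.3.4", "2.3.4"),
]
UNAFFECTED = ("2.3.0", "2.3.3")  # from the page's note on unaffected versions


def parse(version):
    """'2.4.3-p1' -> (2, 4, 3, 1). Assumption: 'X.Y.Z' sorts before 'X.Y.Z-p1'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def patches_for(version, composer=True):
    """Return the archives to apply, in order; [] for the unaffected range.

    Raises LookupError for versions the table does not list, so a gap is
    never mistaken for "no patch needed".
    """
    v = parse(version)
    if parse(UNAFFECTED[0]) <= v <= parse(UNAFFECTED[1]):
        return []
    kind = "_COMPOSER" if composer else ""
    for low, high, build in ROWS:
        if parse(low) <= v <= parse(high):
            return [
                f"MDVA-43395_EE_2.4.3-p1{kind}_v1.patch.zip",  # first
                f"MDVA-43443_EE_{build}{kind}_v1.patch.zip",   # then, on top
            ]
    raise LookupError(f"{version} is not covered by the table on this page")


if __name__ == "__main__":
    # Constructed sample versions, not taken from a real store.
    for sample in ("2.4.3-p1", "2.3.7-p2", "2.3.2"):
        print(sample, "->", patches_for(sample))
```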
Apply Composer Patch provided by Adobe
First, unzip the patch file, then follow the step-by-step instructions provided by Adobe to apply the composer patch for Adobe Commerce on-premises, Adobe Commerce on cloud infrastructure, and Magento Open Source.
The security of your Magento 2 store is important, so it is advisable to update your store with the latest security patch. Avail Magento Security Patches Installation Service to protect your store from vulnerabilities and attacks.