MageComp Blog

Critical RCE Vulnerability in Adobe Commerce: Fix Security Patches MDVA-43395 & MDVA-43443


Is your store secure?

Well, store owners of Adobe Commerce and Magento Open Source no longer need to worry about the security of their stores.

Adobe Security Bulletin published a security patch called APSB22-13 for Adobe Commerce on 12th April, 2022.

Adobe Security Bulletin published a security patch called APSB22-12 for Adobe Commerce on 13th February, 2022.

These security patches are available for all the latest versions of Adobe Commerce and Magento Open Source. Let’s find out more about the security update for Adobe Commerce and why it is crucial to apply it.

What is the APSB22-12 Security Update for?

The security update released by Adobe is available for Adobe Commerce and Magento Open Source. It resolves vulnerabilities that are rated critical. Successful exploitation could lead to arbitrary code execution.

Adobe mentions, “Adobe is aware that CVE-2022-24086 has been used in very limited attacks targeting Adobe Commerce merchants. Adobe is not aware of any exploits in the wild for the issue addressed in this update (CVE-2022-24087).”

APSB22-12: Security update available for Adobe Commerce

APSB22-13: Security update available for Adobe Commerce

Versions that need Security Patch

The affected versions of Adobe Commerce are:

Note: Adobe Commerce versions 2.3.0 to 2.3.3 are unaffected.

The affected versions of Magento Open Source are:

Note: Magento Open Source versions 2.3.0 to 2.3.3 are unaffected.

Solution to resolve RCE vulnerability

To resolve the vulnerability, you need to apply two patches, MDVA-43395 and MDVA-43443.

Based on your current Adobe Commerce or Magento Open Source version, apply patches from the following updates:

| Product | Upgraded Version |
| --- | --- |
| Adobe Commerce and Magento Open Source 2.4.3 – 2.4.3-p1 | MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch.zip; MDVA-43395_EE_2.4.3-p1_v1.patch.zip and MDVA-43443_EE_2.4.3-p1_v1.patch.zip |
| Adobe Commerce and Magento Open Source 2.3.4-p2 – 2.4.2-p2 | MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.4.2-p2_COMPOSER_v1.patch.zip; MDVA-43395_EE_2.4.3-p1_v1.patch.zip and MDVA-43443_EE_2.4.2-p2_v1.patch.zip |
| Adobe Commerce and Magento Open Source 2.3.3-p1 – 2.3.4 | MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.3.4_COMPOSER_v1.patch.zip; MDVA-43395_EE_2.4.3-p1_v1.patch.zip and MDVA-43443_EE_2.3.4_v1.patch.zip |

Apply Composer Patch provided by Adobe

Firstly, unzip the patch file and follow the step-by-step instructions provided by Adobe to apply the composer patch for Adobe Commerce on-premises, Adobe Commerce on cloud infrastructure, and Magento Open Source.

Find Instructions to Apply Composer Patch – Click Here
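A check a store operator can run before and after applying the patches, as an added example that is not code from Adobe or this blog: it uses GNU patch dry runs to report whether each unzipped patch is already applied, still pending, or conflicts with the code base, and counts the store as patched only when every patch passed to it (here, both MDVA-43395 and MDVA-43443) is applied. The function names and the paths in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Adobe's tooling). Assumes GNU patch and unified-diff
# patch files that apply with -p1 from the store's root directory.

# patch_state ROOT PATCHFILE
# Prints one of: applied | pending | conflict. Nothing is modified,
# because every call to patch uses --dry-run.
patch_state() {
  local root="$1" patchfile="$2"
  # A reverse dry run succeeds only when the tree already holds the change.
  if patch -d "$root" -p1 -R -f --dry-run < "$patchfile" >/dev/null 2>&1; then
    echo applied
  # A forward dry run succeeds when the patch would apply cleanly.
  elif patch -d "$root" -p1 -f --dry-run < "$patchfile" >/dev/null 2>&1; then
    echo pending
  else
    # Neither direction fits: the files differ from what the patch expects
    # (wrong patch for this version, or locally modified core files).
    echo conflict
  fi
}

# store_state ROOT PATCHFILE...
# Prints "patched" and returns 0 only when every listed patch is applied.
# Otherwise names the first patch that is not applied and returns 1.
store_state() {
  local root="$1" p s
  shift
  for p in "$@"; do
    s=$(patch_state "$root" "$p")
    if [ "$s" != applied ]; then
      echo "unpatched ($(basename "$p"): $s)"
      return 1
    fi
  done
  echo patched
}

# Usage with placeholder paths (substitute the files unzipped for your version):
#   store_state /path/to/store /path/to/MDVA-43395.patch /path/to/MDVA-43443.patch
```

A "conflict" result usually means the patch pair does not match the installed version; recheck the version table before forcing anything.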

Final Words:

The security of your Magento 2 store is important, so it is recommended to upgrade your store with the latest security patch. Avail Magento Security Patches Installation Service to protect your store from vulnerabilities and attacks.
