Install Immediately: Magento 2 Security Patches MDVA-43395 & MDVA-43443 to Fix RCE Vulnerability
Attention Magento store owners⚠️
If you are running your store on Adobe Commerce (2.3.3-p1 – 2.3.7-p2) or Magento Open Source (2.4.0 – 2.4.3-p1), then your store is at high risk!
Attackers are exploiting a zero-day bug in the above-mentioned versions of Magento in the wild, which has forced Adobe to roll out emergency security patches to secure the stores.
The RCE (remote code execution) bug can allow attackers to execute arbitrary code on affected stores. Here is how you can secure your online Magento store against it.
Critical RCE Bug Discovered in Adobe Commerce & Magento Open Source
On Sunday, Feb 13, 2022, Adobe released an emergency security patch – MDVA-43395 – for Magento stores to fix the newly discovered RCE bug in Adobe Commerce and Magento Open Source. “These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution,” mentioned the Adobe security bulletin – APSB22-12.
The Common Vulnerabilities and Exposures (CVE) database, which tracks publicly known security flaws, assigned CVE-2022-24086 as the tracking ID for the vulnerability. It is rated critical, with a CVSS score of 9.8/10, and needs to be fixed immediately.
On Feb 17, 2022, Adobe released another security patch – MDVA-43443 – to fix the security vulnerability in the affected versions and updated the security tracking ID to CVE-2022-24087, with updated details and information on the improper input validation vulnerability. “In order to stay up to date with the latest protections, customers must apply two patches: MDVA-43395 patch first, and then MDVA-43443 on top of it,” declared Adobe.
Adobe Released MDVA-43395 & MDVA-43443 Security Patches to Fix the Vulnerability
Adobe released the following patches for the affected versions of Adobe Commerce & Magento Open Source:
|Adobe Commerce|Magento Open Source|
|---|---|
|2.4.3 – 2.4.3-p1|2.4.3 – 2.4.3-p1|
|2.3.4-p2 – 2.4.2-p2|2.3.4-p2 – 2.4.2-p2|
|2.3.3-p1 – 2.3.4|2.3.3-p1 – 2.3.4|
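As an added example (not from Adobe's bulletin or the original article), the Python sketch below checks an inventory of store versions against the ranges listed above and returns the two-patch order Adobe requires. The store names and sample inventory are constructed; the comparison assumes a `-pN` release sorts after its base release, which is the opposite of semver pre-release ordering.

```python
import re

# Inclusive version ranges exactly as listed in the table above; the page gives
# the same ranges for Adobe Commerce and Magento Open Source.
PATCH_RANGES = [
    ("2.4.3", "2.4.3-p1"),
    ("2.3.4-p2", "2.4.2-p2"),
    ("2.3.3-p1", "2.3.4"),
]
# Adobe's stated order: MDVA-43395 first, then MDVA-43443 on top of it.
PATCH_ORDER = ("MDVA-43395", "MDVA-43443")

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?")


def parse_version(text):
    """Return (major, minor, patch, p_level). A '-pN' security release sorts
    after its base release, so 2.3.4 < 2.3.4-p2 < 2.3.5 (not semver order)."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Magento version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def matching_range(version):
    """Return the (low, high) table row containing version, or None."""
    parsed = parse_version(version)
    for low, high in PATCH_RANGES:
        if parse_version(low) <= parsed <= parse_version(high):
            return (low, high)
    return None


def triage(inventory):
    """Map each store to (action, matching table row) for a {store: version} dict."""
    report = {}
    for store, version in inventory.items():
        try:
            row = matching_range(version)
        except ValueError:
            report[store] = ("unparsed version, check manually", None)
            continue
        action = " then ".join(PATCH_ORDER) if row else "not in listed ranges"
        report[store] = (action, row)
    return report


# Constructed sample inventory; store names and versions are illustrative.
SAMPLE = {"shop-a": "2.4.3-p1", "shop-b": "2.3.7-p2", "shop-c": "2.3.3", "shop-d": "2.4.4-beta1"}

if __name__ == "__main__":
    for store, (action, row) in triage(SAMPLE).items():
        print(f"{store}: {SAMPLE[store]} -> {action} {row or ''}")
```

A version reported as "not in listed ranges" only means it falls outside the rows above; it says nothing about whether that release is supported or otherwise patched.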
The RCE vulnerability is critical and serious enough that Adobe issued an immediate security patch. Meetanshi therefore recommends patching Magento stores with the latest Adobe security patch to protect them against this known vulnerability.
You can use Meetanshi’s Magento Patch Installation Service to get the latest security patch installed on your Magento platform and safeguard your store against any such security vulnerabilities.