Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Magento Commerce and Open Source (CVE-2020-24407
Alerts

Critical Vulnerabilities in Magento Commerce and Open Source (CVE-2020-24407

16 October 2020

Magento has released security updates to address several vulnerabilities affecting the Magento Commerce and Open Source software, out of which two vulnerabilities (CVE-2020-24407 and CVE-2020-24400) are rated as critical.

The vulnerabilities affect Magento Commerce and Magento Open Source, variations 2.3.5-p1 and earlier and 2.4.0 and earlier. Successful exploitation of the vulnerabilities could allow an attacker to perform arbitrary code execution on affected systems.

Administrators of the affected applications are advised to update to the latest version immediately.

More information is available here:
https://helpx.adobe.com/security/products/magento/apsb20-59.html
https://threatpost.com/critical-magento-holes-online-shops-code-execution/160181/

Back to top