Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Magento Commerce and Open Source (CVE-2020-24407
Alerts

Critical Vulnerabilities in Magento Commerce and Open Source (CVE-2020-24407

16 October 2020

Magento has released security updates to address several vulnerabilities affecting the Magento Commerce and Open Source software, out of which two vulnerabilities (CVE-2020-24407 and CVE-2020-24400) are rated as critical.

The vulnerabilities affect Magento Commerce and Magento Open Source, variations 2.3.5-p1 and earlier and 2.4.0 and earlier. Successful exploitation of the vulnerabilities could allow an attacker to perform arbitrary code execution on affected systems.

Administrators of the affected applications are advised to update to the latest version immediately.

More information is available here:
https://helpx.adobe.com/security/products/magento/apsb20-59.html
https://threatpost.com/critical-magento-holes-online-shops-code-execution/160181/

Back to top