Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Zero-Day Vulnerability in Adobe Commerce and Magento Open Source Platforms
Alerts

Zero-Day Vulnerability in Adobe Commerce and Magento Open Source Platforms

14 February 2022

Adobe has released a security update to address a zero-day vulnerability (CVE-2022-24086) in its Commerce and Magento Open Source platforms that may have been actively exploited.

Successful exploitation of the vulnerability may allow an attacker to execute commands on the affected platforms remotely.

The vulnerability affects versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier of the Adobe Commerce and Magento Open Source platforms.

Administrators of the affected products are advised to install the latest security updates immediately.

More information is available here:
https://www.securityweek.com/adobe-releases-emergency-patch-exploited-commerce-zero-day 
https://helpx.adobe.com/security/products/magento/apsb22-12.html 


Back to top