Bulletin Information

  • Bulletin ID: APSB22-38
  • Product: APSB22-38: Security update available for Adobe Commerce
  • Published: August 09, 2022
  • Priority: 3
  • Severity: Critical

Affected Versions

  • Adobe Commerce: 2.4.3-p2 and earlier versions
  • 2.3.7-p3 and earlier versions: All
  • Adobe Commerce: 2.4.4 and earlier versions
  • Magento Open Source: 2.4.3-p2 and earlier versions
  • 2.3.7-p3 and earlier versions: All
  • …and 1 more versions

Vulnerability Details

Total Vulnerabilities: 9

Severity Breakdown:

  • Moderate: 2
  • Important: 2
  • Critical: 5

Key Vulnerabilities:

1. PRODSECBUG-3095

  • Category: XML Injection (aka Blind XPath Injection) (CWE-91)
  • Impact: Arbitrary code execution
  • Severity: Critical
  • CVSS Score: 9.1
  • Authentication Required: Yes

2. PRODSECBUG-3081

  • Category: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)
  • Impact: Arbitrary code execution
  • Severity: Critical
  • CVSS Score: 8.5
  • Authentication Required: Yes

3. PRODSECBUG-3082

  • Category: Improper Input Validation (CWE-20)
  • Impact: Privilege escalation
  • Severity: Critical
  • CVSS Score: 8.3
  • Authentication Required: Yes

…and 6 more vulnerabilities

