APSB24-18 - Adobe Commerce Security Update

Bulletin Information

  • Bulletin ID: APSB24-18
  • Published: April 09, 2024
  • Priority: 3
  • Severity: Critical
  • CVE Count: 2

Affected Versions

  • Adobe Commerce: 2.4.7-beta3 and earlier; 2.4.6-p4 and earlier; 2.4.5-p6 and earlier; 2.4.4-p7 and earlier; 2.4.3-ext-6 and earlier; 2.4.2-ext-6 and earlier
  • Magento Open Source: 2.4.7-beta3 and earlier; 2.4.6-p4 and earlier; 2.4.5-p6 and earlier; 2.4.4-p7 and earlier

Vulnerability Details

Total Vulnerabilities: 2

Severity Breakdown:

  • Critical: 2

Key Vulnerabilities:

1. CVE-2024-20758

  • Category: Improper Input Validation (CWE-20)
  • Impact: Arbitrary code execution
  • Severity: Critical
  • CVSS Score: 9
  • Authentication Required: No

2. CVE-2024-20759

  • Category: Cross-site Scripting (Stored XSS) (CWE-79)
  • Impact: Arbitrary code execution
  • Severity: Critical
  • CVSS Score: 8.1
  • Authentication Required: Yes

CVE Identifiers

CVE-2024-20759, CVE-2024-20758

