Adobe Magento Multiple Vulnerabilities
Last Update Date:
21 Oct 2020
Release Date:
16 Oct 2020
4834
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Adobe Magento Products, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, disclose sensitive information, cross-site scripting and bypass security restriction on the targeted system.
Impact
- Cross-Site Scripting
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Magento Commerce 2.3.5-p1 and earlier versions
- Magento Commerce 2.3.5-p2 and earlier versions
- Magento Commerce 2.4.0 and earlier versions
- Magento Open Source 2.3.5-p1 and earlier versions
- Magento Open Source 2.3.5-p2 and earlier versions
- Magento Open Source 2.4.0 and earlier versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
Magento Commerce 2.4.1 or 2.3.6
Magento Open Source 2.4.1 or 2.3.6
Vulnerability Identifier
- CVE-2020-24400
- CVE-2020-24401
- CVE-2020-24402
- CVE-2020-24403
- CVE-2020-24404
- CVE-2020-24405
- CVE-2020-24406
- CVE-2020-24407
- CVE-2020-24408
Source
Related Link
Share with