Adobe regularly releases security bulletins and advisories for its existing products such as Photoshop, Experience Manager, ColdFusion, Illustrator, InDesign, XD, and Creative Cloud. Adobe acquired Magento on June 19, 2018, and this is the first time Adobe has addressed Magento’s security updates in an Adobe Security Bulletin. Magento finally has a place in Adobe’s bulletins and advisories. Magento has confirmed that from now on individual security issues will be documented in an Adobe Security Bulletin instead of the Magento Security Center.

Adobe’s Security Bulletin for Magento reports significant updates for the Magento Commerce and Open Source editions. It resolves severe vulnerabilities that can lead to sensitive information disclosure and arbitrary code execution.

Magento Versions at Risk

– All Platforms

  • Magento Commerce 2.3.3 and earlier versions
  • Magento Open Source 2.3.3 and earlier versions
  • Magento Commerce 2.2.10 and earlier versions
  • Magento Open Source 2.2.10 and earlier versions
  • Magento Enterprise Edition and earlier versions
  • Magento Community Edition and earlier versions

The Solution

– Update your Magento installation to the latest available version. As of now, the following are the newest available Magento versions.

  • Magento Commerce 2.3.4
  • Magento Open Source 2.3.4
  • Magento Commerce 2.2.11
  • Magento Open Source 2.2.11
  • Magento Enterprise Edition
  • Magento Community Edition

These Magento releases offer functional fixes to the core product, security enhancements, platform upgrades, substantial security changes, and many other improvements.
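To check a Magento 2 store against the version lists above, the following is an added example (not code from Adobe or Magento). It assumes a Composer-based install whose `composer.lock` contains the `magento/product-community-edition` or `magento/product-enterprise-edition` metapackage, and it treats a patch suffix such as `-p1` as the base release.

```python
import json

# Composer metapackages that carry the Magento 2 product version.
PRODUCT_PACKAGES = {
    "magento/product-community-edition": "Magento Open Source",
    "magento/product-enterprise-edition": "Magento Commerce",
}

def parse_version(text):
    """'2.3.3' or '2.3.3-p1' -> (2, 3, 3); a patch suffix is ignored (assumption)."""
    core = text.lstrip("v").split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    parts += [0] * (3 - len(parts))          # pad '2.3' to (2, 3, 0)
    return tuple(parts[:3])

def classify(version):
    """Return (status, fixed_release) using the 2.x ranges listed on this page."""
    v = parse_version(version)
    if v[0] != 2:
        return ("unknown", None)             # page gives no 1.x version numbers
    if v < (2, 2, 11):
        return ("at risk", "2.2.11")         # 2.2.10 and earlier
    if (2, 3, 0) <= v < (2, 3, 4):
        return ("at risk", "2.3.4")          # 2.3.3 and earlier
    return ("not listed", None)

def audit_lock(lock_text):
    """Find Magento product packages in composer.lock text and classify each."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []):
        edition = PRODUCT_PACKAGES.get(pkg.get("name"))
        if edition:
            status, fixed = classify(pkg["version"])
            findings.append((edition, pkg["version"], status, fixed))
    return findings

# Constructed sample: a trimmed composer.lock for a 2.3.3 Open Source store.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/framework", "version": "102.0.3"},
    {"name": "magento/product-community-edition", "version": "2.3.3"},
]})

if __name__ == "__main__":
    for edition, version, status, fixed in audit_lock(SAMPLE_LOCK):
        print(f"{edition} {version}: {status}" + (f", update to {fixed}" if fixed else ""))
```

To audit a real store, pass the contents of its `composer.lock` to `audit_lock` in place of the sample.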

The Vulnerabilities

– If you don’t update your Magento installation to the newest available version, your Magento store remains exposed to the following vulnerabilities.

| Vulnerability Category | Vulnerability Impact | Severity | Magento Bug ID | CVE Numbers |
|---|---|---|---|---|
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2543 | CVE-2020-3715 |
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2599 | CVE-2020-3758 |
| Deserialization of untrusted data | Arbitrary code execution | Critical | PRODSECBUG-2579 | CVE-2020-3716 |
| Path traversal | Sensitive information disclosure | Important | PRODSECBUG-2632 | CVE-2020-3717 |
| Security bypass | Arbitrary code execution | Critical | PRODSECBUG-2633 | CVE-2020-3718 |
| SQL injection | Sensitive information disclosure | Critical | PRODSECBUG-2660 | CVE-2020-3719 |

Source: Adobe

Magento merchants or webmasters are advised to always move to the latest available version, so that the store gets the latest security updates and avoids potential risks such as data theft, admin takeover, cardholder details leaks, and other vulnerabilities. If you need professional assistance to secure your Magento store, consult our team of certified Magento developers.