Adobe regularly releases security bulletins and advisories for its existing products such as Photoshop, Experience Manager, ColdFusion, Illustrator, InDesign, XD, and Creative Cloud. Adobe acquired Magento on June 19, 2018, and this is the first time since then that Adobe has addressed Magento’s security updates in an Adobe Security Bulletin. Magento finally has a place in Adobe’s bulletins and advisories. Magento has confirmed that from now on individual security issues will be documented in an Adobe Security Bulletin instead of the Magento Security Center. Adobe’s Security Bulletin for Magento reports significant updates for the Magento Commerce and Open Source editions. It resolves severe vulnerabilities, including sensitive information disclosure and arbitrary code execution.

Magento Versions at Risk

– All Platforms

  • Magento Commerce 2.3.3 and earlier versions
  • Magento Open Source 2.3.3 and earlier versions
  • Magento Commerce 2.2.10 and earlier versions
  • Magento Open Source 2.2.10 and earlier versions
  • Magento Enterprise Edition and earlier versions
  • Magento Community Edition and earlier versions

The Solution

– Update your Magento installation to the latest available version. As of now, the following are the newest available Magento versions.

  • Magento Commerce 2.3.4
  • Magento Open Source 2.3.4
  • Magento Commerce 2.2.11
  • Magento Open Source 2.2.11
  • Magento Enterprise Edition
  • Magento Community Edition

These Magento releases offer functional fixes to the core product, security enhancements, platform upgrades, substantial security changes, and many other improvements.
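One way to check a store against the affected and fixed versions listed above is to read the Magento metapackage version from `composer.lock`. This is an added example, not code from Adobe or Magento. It assumes a Composer-based install, covers only the 2.2.x and 2.3.x lines named on this page, and ignores patch suffixes such as `-p1`, so a suffixed release is treated like its base release.

```python
import json
import re

# Fixed releases per 2.x line, taken from the lists above.
FIXED = {(2, 3): (2, 3, 4), (2, 2): (2, 2, 11)}
# Composer metapackage names for the two editions (assumes a Composer install).
METAPACKAGES = {
    "magento/product-community-edition": "Magento Open Source",
    "magento/product-enterprise-edition": "Magento Commerce",
}

def parse_version(text):
    """Return (major, minor, patch) from '2.3.3', 'v2.2.10' or '2.3.3-p1'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def status(version_text):
    """Classify as 'affected', 'fixed' or 'unknown' (line not listed above)."""
    ver = parse_version(version_text)
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "unknown"
    # Tuple comparison is numeric, so 2.2.10 sorts after 2.2.9.
    return "affected" if ver < fixed else "fixed"

def audit_lock(lock_text):
    """Return [(edition, version, status)] for Magento metapackages found."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []):
        edition = METAPACKAGES.get(pkg.get("name"))
        if edition:
            findings.append((edition, pkg["version"], status(pkg["version"])))
    return findings

# Constructed sample composer.lock content, not taken from a real store.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/product-community-edition", "version": "2.3.3"},
    {"name": "monolog/monolog", "version": "1.25.3"},
]})

if __name__ == "__main__":
    for edition, version, state in audit_lock(SAMPLE_LOCK):
        print(f"{edition} {version}: {state}")
```

A result of `unknown` means the installed release line is not one this page gives a fixed version for, not that the store is safe.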

The Vulnerabilities

– If you don’t update your Magento installation to the newest available version, your Magento store remains exposed to the following vulnerabilities.

| Vulnerability Category | Vulnerability Impact | Severity | Magento Bug ID | CVE Numbers |
|---|---|---|---|---|
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2543 | CVE-2020-3715 |
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2599 | CVE-2020-3758 |
| Deserialization of untrusted data | Arbitrary code execution | Critical | PRODSECBUG-2579 | CVE-2020-3716 |
| Path traversal | Sensitive information disclosure | Important | PRODSECBUG-2632 | CVE-2020-3717 |
| Security bypass | Arbitrary code execution | Critical | PRODSECBUG-2633 | CVE-2020-3718 |
| SQL injection | Sensitive information disclosure | Critical | PRODSECBUG-2660 | CVE-2020-3719 |

Source: Adobe

Magento merchants and webmasters are advised to always move to the latest available release, so that the store receives the latest security updates and avoids the potential risks of data theft, admin takeover, cardholder details leaks, and other vulnerabilities. If you need professional assistance to secure your Magento store, consult now with our team of certified Magento developers.