Adobe regularly releases security bulletins and advisories for its existing products such as Photoshop, Experience Manager, ColdFusion, Illustrator, InDesign, XD, and Creative Cloud. Magento was acquired by Adobe on June 19, 2018, and this is the first time Adobe has addressed Magento’s security updates in an Adobe Security Bulletin. Magento finally has a place in Adobe’s bulletins and advisories. Magento has confirmed that from now on individual security issues will be documented in an Adobe Security Bulletin instead of the Magento Security Center. Adobe’s Security Bulletin for Magento reports significant updates for the Magento Commerce and Open Source editions. The updates resolve severe vulnerabilities whose impact includes sensitive information disclosure and arbitrary code execution.
Magento Versions at Risk
– All Platforms
- Magento Commerce 2.3.3 and earlier versions
- Magento Open Source 2.3.3 and earlier versions
- Magento Commerce 2.2.10 and earlier versions
- Magento Open Source 2.2.10 and earlier versions
- Magento Enterprise Edition 18.104.22.168 and earlier versions
- Magento Community Edition 22.214.171.124 and earlier versions
– Update your Magento installation to the latest available version. As of now, the following are the newest available Magento versions.
- Magento Commerce 2.3.4
- Magento Open Source 2.3.4
- Magento Commerce 2.2.11
- Magento Open Source 2.2.11
- Magento Enterprise Edition 126.96.36.199
- Magento Community Edition 188.8.131.52
These Magento releases offer functional fixes to the core product, security enhancements, platform upgrades, substantial security changes, and many other improvements.
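An added example (not code from Adobe, Magento, or the bulletin): a Python check that reads a store's composer.lock and compares the installed Magento 2 version with the affected and fixed versions listed above. It assumes a Composer-based install whose metapackage is magento/product-community-edition or magento/product-enterprise-edition, compares only the numeric part of the version (a suffix such as -p1 is ignored), and leaves the 1.x lines unclassified; the function names and sample data are illustrative.

```python
import json
import re

# Fixed releases for the two Magento 2 lines, copied from the lists above.
FIXED_22 = (2, 2, 11)
FIXED_23 = (2, 3, 4)
# Composer metapackage names (assumed install layout) mapped to edition names.
EDITIONS = {
    "magento/product-community-edition": "Open Source",
    "magento/product-enterprise-edition": "Commerce",
}
# Constructed sample composer.lock content, not taken from a real store.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example/some-module", "version": "1.0.0"},
    {"name": "magento/product-community-edition", "version": "2.3.3"},
]})


def parse_version(text):
    """Return (major, minor, patch); a leading 'v' and any suffix are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version):
    """Classify a version string against the affected ranges listed above."""
    v = parse_version(version)
    if v[0] != 2:
        return "unknown"  # 1.x lines are not classified by this check
    if v < FIXED_22:
        return "affected: upgrade to 2.2.11 or 2.3.4"
    if (2, 3, 0) <= v < FIXED_23:
        return "affected: upgrade to 2.3.4"
    return "not in affected range"


def check_lockfile(lock_text):
    """Return (edition, version, verdict) for the Magento metapackage, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") in EDITIONS:
            return EDITIONS[pkg["name"]], pkg["version"], assess(pkg["version"])
    return None  # no Magento 2 metapackage found in this lock file


if __name__ == "__main__":
    print(check_lockfile(SAMPLE_LOCK))
```

To check a real store, pass the contents of the composer.lock in the Magento root directory to check_lockfile.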
– If you don’t update your Magento installation to the newest available version, you put your Magento store at risk from the following vulnerabilities.
| Vulnerability Category | Vulnerability Impact | Severity | Magento Bug ID | CVE Numbers |
|---|---|---|---|---|
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2543 | CVE-2020-3715 |
| Stored cross-site scripting | Sensitive information disclosure | Important | PRODSECBUG-2599 | CVE-2020-3758 |
| Deserialization of untrusted data | Arbitrary code execution | Critical | PRODSECBUG-2579 | CVE-2020-3716 |
| Path traversal | Sensitive information disclosure | Important | PRODSECBUG-2632 | CVE-2020-3717 |
| Security bypass | Arbitrary code execution | Critical | PRODSECBUG-2633 | CVE-2020-3718 |
| SQL injection | Sensitive information disclosure | Critical | PRODSECBUG-2660 | CVE-2020-3719 |
Magento merchants or webmasters are advised to always move to the latest available version, so that the Magento store gets the latest security updates and avoids potential risks such as data theft, admin takeover, cardholder detail leaks, and other vulnerabilities. If you need professional assistance to secure your Magento store, consult our team of certified Magento developers.