Adobe Fixes Multiple Critical Vulnerabilities In Magento CMS

Published on: October 17, 2020

This week, Adobe addressed multiple high-severity vulnerabilities in its Magento platform, which left hundreds of thousands of websites vulnerable to arbitrary code execution and customer list tampering attacks.

Magento is the second most popular Content Management System (CMS) platform after WordPress. It powers over 250,000 active eCommerce sites, which accounts for around 12% of all online stores. According to Magento.com, Magento-based sites handle over $155 billion in transactions every year.

Found Magento vulnerabilities & affected Magento versions

In its security bulletin [APSB20-59], Adobe released patches for a total of 9 vulnerabilities affecting the Magento Commerce and Magento Open Source platforms. 8 of these 9 vulnerabilities are rated either critical or important, while one is rated moderate.

Source: Adobe

The two critical flaws in the Magento platform are tracked as File Upload Allow List Bypass (CVE-2020-24407) and SQL Injection (CVE-2020-24400). They can allow attackers to execute arbitrary code and can even give read or write access to the database of the victim Magento site. However, both flaws require the attacker to have already obtained admin privileges.

A Stored XSS (CVE-2020-24408), on the other hand, can allow attackers to execute arbitrary JavaScript in the browser if exploited, and it doesn't require pre-authentication (i.e. admin privileges) for exploitation.

Magento sites that are using Astra Security Magento Firewall are already protected from exposure to all of the above-mentioned vulnerabilities.

The security bulletin also provided a list of affected versions of the Magento platform:

Source: Adobe

How to secure your Magento sites from these vulnerabilities

If your website or eCommerce store is running on an outdated Magento version, it is highly recommended to update your installation to the latest version in order to secure your Magento site or store from these vulnerabilities. Here is the list of updated/latest versions for the respective Magento products:

Source: Adobe

Further, installing a web application firewall (WAF) for your website or eCommerce store can always help. A WAF can provide security against such potential vulnerabilities in your site files, plugins, extensions & themes.

How Astra Security Magento Firewall works on your website

Astra Security WAF filters malicious traffic and potential threats and provides intelligent protection to your website or eCommerce store. It blocks XSS, SQLi, CSRF, bad bots, OWASP Top 10 & 100+ other cyber attacks. This intelligent firewall detects visitor patterns on your website and automatically blocks hackers with malicious intent.

Kanishk Tagade

Kanishk Tagade is a Marketing Manager at Astra Security. Having a hawk-eyed view on the cybersecurity threat landscape, market shifts, and hacktivism activities, Kanishk is a community member of Nasscom and a corporate contributor at many technology magazines and security awareness platforms. Editor-in-Chief at "QuickCyber.news", his work is published in more than 50 news platforms. He is also a social micro-influencer for the latest cybersecurity defense mechanisms, Digital Transformation, Machine Learning, AI and IoT products.