Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Adobe Fixes Multiple Critical Vulnerabilities In Magento CMS

This week, Adobe has addressed multiple high-severity Vulnerabilities in their Magento platform, which left hundreds of thousands of websites vulnerable to arbitrary code execution and customer list tampering attacks.

Magento is the second most popular Content Management System (CMS) platform after WordPress, which powers over 250,000 active eCommerce sites, this accounts for around 12% of all online stores. And according to Magento.com, Magento-base sites handle over $155 billion in transactions every year.

Found Magento vulnerabilities & affected Magento versions

In its security bulletin [ASPB20-59], Adobe has released patches for a total of 9 vulnerabilities that affected Magento Commerce and Magento Open Source platforms. 8 of these 9 vulnerabilities are considered either critical or important, while one is considered as a moderate Magento vulnerability.

Source: Adobe

The two critical flaws in the Magento platform are tracked as File Upload Allow List Bypass (CVE-2020-24407) and SQL Injection (CVE-2020-24400) that can allow hackers to execute the arbitrary code and even can give read or write access to the database of the victim Magento site. But both the flaws require a hacker to have already obtained the admin privileges.

While, a Stored XSS (CVE-2020-24408), if exploited, can allow hackers to arbitrary execute JavaScript in the browser – and this doesn’t require pre-authentication (i.e admin privileges) for exploitation. 

Magneto sites that are using Astra Security Magento Firewall are already secured from all the above-mentioned vulnerabilities exposure.

The security bulletin also provided a list of affected versions of the Magento platform:

Source: Adobe

How to secure your Magento sites from these vulnerabilities

If your website or Ecommerce Store is running on an outdated Magento version, it is highly recommended to update your installation to the latest version in order to secure your Magento site/store from these vulnerabilities.  Here is the list of updated/latest versions for respective Magento products:

Magento Vulnerabilities
Source: Adobe

Further, installing a web application firewall (WAF) for your website or eCommerce store can always help. A WAF can provide security against such potential vulnerabilities in your site files, plugins, extensions & themes.

How Astra Security Magneto Firewall works on your website

Astra Security WAF filters malicious traffic and potential threats and provides intelligent protection to your website / eCommerce store. It blocks XSS, SQLi, CSRF, bad bots, OWASP top 10 & 100+ other cyber attacks. This intelligent firewall detects visitor patterns on your website & automatically blocks hackers with malicious intent.



This post first appeared on ASTRA Web Security - CMS Security News, please read the originial post: here

Share the post

Adobe Fixes Multiple Critical Vulnerabilities In Magento CMS

×

Subscribe to Astra Web Security - Cms Security News

Get updates delivered right to your inbox!

Thank you for your subscription

×