Adobe has issued a critical security update, APSB24-40, for Adobe Commerce, Magento Open Source, and the Adobe Commerce Webhooks Plugin. Released on June 11, 2024, this update addresses several severe vulnerabilities that could lead to arbitrary code execution, security feature bypasses, and privilege escalation if exploited. These vulnerabilities are present in multiple versions of the affected products, necessitating immediate action from users to mitigate potential risks.
The update impacts various versions of Adobe Commerce and Magento Open Source, including versions 2.4.7 and earlier, as well as specific iterations of the Adobe Commerce Webhooks Plugin from 1.2.0 to 1.4.0. Adobe recommends users promptly update to the latest versions provided to ensure they are protected against these vulnerabilities. Detailed instructions for installation are available on Adobe’s website to assist users in applying the necessary updates.
The vulnerabilities addressed by the update cover a range of security issues including Server-Side Request Forgery (SSRF), Improper Restriction of XML External Entity Reference (XXE), Improper Authentication, Improper Authorization, and Cross-site Scripting (Stored XSS). These issues pose significant security risks, making it crucial for users to upgrade their systems to prevent potential exploits.
Adobe’s update highlights the importance of maintaining current software versions and addressing security vulnerabilities as they arise. Users of Adobe Commerce and Magento Open Source are strongly advised to implement the update immediately to safeguard their systems from these critical threats.
