IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Adobe patches critcal bug in e-commerce software

The flaw, which allowed attackers to run their own code on websites, was being exploited in wild

Adobe has fixed a critical vulnerability in its e-commerce software that allowed attackers to run their own code on merchants' sites. 

The bug, which was being exploited in the wild, affects Adobe Commerce and Magento Commerce, software that allow merchants to host and manage online stores. It is rated critical, with a 9.8 score under the Common Vulnerability Scoring System (CVSS), and is described as improper input validation bug that allows attackers to execute arbitrary code by manipulating input fields.

"Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the company warned in an advisory.

The vulnerability affects v2.4.3 and earlier of the Adobe products, and the company has released a patch. With little other information about the bug, there are no clear workarounds for the vulnerability other than to patch systems immediately.

Security bugs like these allow attackers to inject their own code onto e-commerce sites, which could skim a customer's credit card details and login credentials. One of the most popular skimming groups is Magecart, originally a single group that experts have seen morph into multiple groups.

Adobe acquired Magento in 2018 and rebranded its Magento Commerce product as Adobe Commerce. The company still offers a free version called Magento Open Source for building ecommerce stores.

Adobe Commerce offers a page builder for product stores, personalized product recommendations, and real-time inventory management that allows vendors to arrange for home delivery or pickup at the store. It also offers reporting capabilities to help visualize store performance.

Related Resource

Putting the insurance industry back in safe hands

The role of payments in digital transformation

Whitepaper cover with purple, pink, beige and turquoise circlesFree Download

In September, Adobe added a new Payment Services tool to the Commerce product that allows merchants to support more payment services, such as Venmo and PayPal.

Security company Malwarebytes recently noted an increase in Magecart activity after one of the groups began targeting large numbers of ecommerce scores. Much of this activity focuses on Magento 1, which has not been supported since 2020. These attackers used a vulnerability in the Quickview plugin to create rogue Magento admin users that could run code with elevated privileges.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022