https://experiencedigest.org/categories/adobe-commerce/ en Tue, 14 Oct 2025 01:00:00 -0400 https://experiencedigest.org/2025/10/14/apsb-adobecommerce-security-update.html Tue, 14 Oct 2025 01:00:00 -0400 http://adobedigest.micro.blog/2025/10/14/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB25-94</li> <li><strong>Product:</strong> APSB25-94: Security update available for Adobe Commerce</li> <li><strong>Published:</strong> October 14, 2025</li> <li><strong>Priority:</strong> 2</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 5</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.9-alpha2 and earlier2.4.8-p2 and earlier2.4.7-p7 and earlier2.4.6-p12 and earlier2.4.5-p14 and earlier2.4.4-p15 and earlier</li> <li><strong>Adobe Commerce B2B:</strong> 1.5.3-alpha2 and earlier1.5.2-p2 and earlier1.4.2-p7 and earlier1.3.5-p12 and earlier1.3.4-p14 and earlier1.3.3-p15 and earlier</li> <li><strong>Magento Open Source:</strong> 2.4.9-alpha22.4.8-p2 and earlier2.4.7-p7 and earlier2.4.6-p12 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 5</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Important:</strong> 3</li> <li><strong>Critical:</strong> 2</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2025-54263">1. CVE-2025-54263</h3> <ul> <li><strong>Category:</strong> Incorrect Authorization (CWE-863)</li> <li><strong>Impact:</strong> Security feature bypass</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="2-cve-2025-54264">2. CVE-2025-54264</h3> <ul> <li><strong>Category:</strong> Cross-site Scripting (Stored XSS) (CWE-79)</li> <li><strong>Impact:</strong> Privilege escalation</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="3-cve-2025-54265">3. CVE-2025-54265</h3> <ul> <li><strong>Category:</strong> Incorrect Authorization (CWE-863)</li> <li><strong>Impact:</strong> Security feature bypass</li> <li><strong>Severity:</strong> Important</li> <li><strong>CVSS Score:</strong> 5.9</li> <li><strong>Authentication Required:</strong> No</li> </ul> <p><em>&hellip;and 2 more vulnerabilities</em></p> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2025-54266, CVE-2025-54267, CVE-2025-54263, CVE-2025-54264, CVE-2025-54265</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb25-94.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2025/09/09/apsb-adobecommerce-security-update.html Tue, 09 Sep 2025 01:00:00 -0400 http://adobedigest.micro.blog/2025/09/09/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB25-88</li> <li><strong>Product:</strong> APSB25-88: Security update available for Adobe Commerce</li> <li><strong>Published:</strong> September 09, 2025</li> <li><strong>Priority:</strong> 1</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 1</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.9-alpha2 and earlier2.4.8-p2 and earlier2.4.7-p7 and earlier2.4.6-p12 and earlier2.4.5-p14 and earlier2.4.4-p15 and earlier</li> <li><strong>Adobe Commerce B2B:</strong> 1.5.3-alpha2 and earlier1.5.2-p2 and earlier1.4.2-p7 and earlier1.3.4-p14 and earlier1.3.3-p15 and earlier</li> <li><strong>Magento Open Source:</strong> 2.4.9-alpha2 and earlier2.4.8-p2 and earlier2.4.7-p7 and earlier2.4.6-p12 and earlier2.4.5-p14 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 1</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Critical:</strong> 1</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2025-54236">1. CVE-2025-54236</h3> <ul> <li><strong>Category:</strong> Improper Input Validation (CWE-20)</li> <li><strong>Impact:</strong> Security feature bypass</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 9.1</li> <li><strong>Authentication Required:</strong> No</li> </ul> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2025-54236</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb25-88.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2025/08/12/apsb-adobecommerce-security-update.html Tue, 12 Aug 2025 01:00:00 -0400 http://adobedigest.micro.blog/2025/08/12/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB25-71</li> <li><strong>Product:</strong> APSB25-71: Security update available for Adobe Commerce</li> <li><strong>Published:</strong> August 12, 2025</li> <li><strong>Priority:</strong> 2</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 6</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.9-alpha12.4.8-p1 and earlier2.4.7-p6 and earlier2.4.6-p11 and earlier2.4.5-p13 and earlier2.4.4-p14 and earlier</li> <li><strong>Adobe Commerce B2B:</strong> 1.5.3-alpha11.5.2-p1 and earlier1.4.2-p6 and earlier1.3.5-p11 and earlier1.3.4-p13 and earlier1.3.3-p14 and earlier</li> <li><strong>Magento Open Source:</strong> 2.4.9-alpha12.4.8-p1 and earlier2.4.7-p6 and earlier2.4.6-p11 and earlier2.4.5-p13 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 6</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Important:</strong> 2</li> <li><strong>Critical:</strong> 4</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2025-49554">1. CVE-2025-49554</h3> <ul> <li><strong>Category:</strong> Improper Input Validation (CWE-20)</li> <li><strong>Impact:</strong> Application denial-of-service</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 7.5</li> <li><strong>Authentication Required:</strong> No</li> </ul> <h3 id="2-cve-2025-49555">2. CVE-2025-49555</h3> <ul> <li><strong>Category:</strong> Cross-Site Request Forgery (CSRF) (CWE-352)</li> <li><strong>Impact:</strong> Privilege escalation</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="3-cve-2025-49556">3. CVE-2025-49556</h3> <ul> <li><strong>Category:</strong> Incorrect Authorization (CWE-863)</li> <li><strong>Impact:</strong> Arbitrary file system read</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 7.5</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <p><em>&hellip;and 3 more vulnerabilities</em></p> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2025-49558, CVE-2025-49554, CVE-2025-49559, CVE-2025-49555, CVE-2025-49556, CVE-2025-49557</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb25-71.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2025/06/10/apsb-adobecommerce-security-update.html Tue, 10 Jun 2025 01:00:00 -0400 http://adobedigest.micro.blog/2025/06/10/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB25-50</li> <li><strong>Product:</strong> APSB25-50: Security update available for Adobe Commerce</li> <li><strong>Published:</strong> June 10, 2025</li> <li><strong>Priority:</strong> 1</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 7</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.82.4.7-p5 and earlier2.4.6-p10 and earlier2.4.5-p12 and earlier2.4.4-p13 and earlier</li> <li><strong>Adobe Commerce B2B:</strong> 1.5.2 and earlier1.4.2-p5 and earlier1.3.5-p10 and earlier1.3.4-p12 and earlier1.3.3-p13 and earlier</li> <li><strong>Magento Open Source:</strong> 2.4.82.4.7-p5 and earlier2.4.6-p10 and earlier2.4.5-p12 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 7</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Moderate:</strong> 1</li> <li><strong>Important:</strong> 4</li> <li><strong>Critical:</strong> 2</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2025-47110">1. CVE-2025-47110</h3> <ul> <li><strong>Category:</strong> Cross-site Scripting (Reflected XSS) (CWE-79)</li> <li><strong>Impact:</strong> Arbitrary code execution</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 9.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="2-cve-2025-43585">2. CVE-2025-43585</h3> <ul> <li><strong>Category:</strong> Improper Authorization (CWE-285)</li> <li><strong>Impact:</strong> Security feature bypass</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.2</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="3-cve-2025-27206">3. CVE-2025-27206</h3> <ul> <li><strong>Category:</strong> Improper Access Control (CWE-284)</li> <li><strong>Impact:</strong> Security feature bypass</li> <li><strong>Severity:</strong> Important</li> <li><strong>CVSS Score:</strong> 5.3</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <p><em>&hellip;and 4 more vulnerabilities</em></p> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2025-43585, CVE-2025-49550, CVE-2025-27207, CVE-2025-49549, CVE-2025-43586, CVE-2025-47110, CVE-2025-27206</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb25-50.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2025/04/08/apsb-adobecommerce-security-update.html Tue, 08 Apr 2025 01:00:00 -0400 http://adobedigest.micro.blog/2025/04/08/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB25-26</li> <li><strong>Product:</strong> APSB25-26: Security update available for Adobe Commerce</li> <li><strong>Published:</strong> April 08, 2025</li> <li><strong>Priority:</strong> 2</li> <li><strong>Severity:</strong> Important</li> <li><strong>CVE Count:</strong> 5</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.8-beta22.4.7-p4 and earlier2.4.6-p9 and earlier2.4.5-p11 and earlier2.4.4-p12 and earlier</li> <li><strong>Adobe Commerce B2B:</strong> 1.5.1 and earlier1.4.2-p4 and earlier1.3.5-p9 and earlier1.3.4-p11 and earlier1.3.3-p12 and earlier</li> <li><strong>Magento Open Source:</strong> 2.4.8-beta22.4.7-p4 and earlier2.4.6-p9 and earlier2.4.5-p11 and earlier2.4.4-p12 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 5</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Moderate:</strong> 1</li> <li><strong>Important:</strong> 4</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2025-27188">1. CVE-2025-27188</h3> <ul> <li><strong>Category:</strong> Improper Authorization (CWE-285)</li> <li><strong>Impact:</strong> Privilege escalation</li> <li><strong>Severity:</strong> Important</li> <li><strong>CVSS Score:</strong> 4.3</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="2-cve-2025-27189">2. CVE-2025-27189</h3> <ul> <li><strong>Category:</strong> Cross-Site Request Forgery (CSRF) (CWE-352)</li> <li><strong>Impact:</strong> Application denial-of-service</li> <li><strong>Severity:</strong> Important</li> <li><strong>CVSS Score:</strong> 4.3</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="3-cve-2025-27190">3. CVE-2025-27190</h3> <ul> <li><strong>Category:</strong> Improper Access Control (CWE-284)</li> <li><strong>Impact:</strong> Security feature bypass</li> <li><strong>Severity:</strong> Important</li> <li><strong>CVSS Score:</strong> 5.3</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <p><em>&hellip;and 2 more vulnerabilities</em></p> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2025-27189, CVE-2025-27191, CVE-2025-27188, CVE-2025-27190, CVE-2025-27192</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb25-26.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2025/02/11/apsb-adobecommerce-security-update.html Tue, 11 Feb 2025 01:00:00 -0400 http://adobedigest.micro.blog/2025/02/11/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB25-08</li> <li><strong>Published:</strong> February 11, 2025</li> <li><strong>Priority:</strong> 1</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 31</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.8-beta12.4.7-p3 and earlier2.4.6-p8 and earlier2.4.5-p10 and earlier2.4.4-p11 and earlier</li> <li><strong>Adobe Commerce B2B:</strong> 1.5.0  and earlier1.4.2-p3 and earlier1.3.5-p8 and earlier1.3.4-p10 and earlier1.3.3-p11 and earlier</li> <li><strong>Magento Open Source:</strong> 2.4.8-beta12.4.7-p3 and earlier2.4.6-p8 and earlier2.4.5-p10 and earlier2.4.4-p11 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 31</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Moderate:</strong> 3</li> <li><strong>Important:</strong> 14</li> <li><strong>Critical:</strong> 14</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2025-24406">1. CVE-2025-24406</h3> <ul> <li><strong>Category:</strong> Improper Limitation of a Pathname to a Restricted Directory (&lsquo;Path Traversal&rsquo;) (CWE-22)</li> <li><strong>Impact:</strong> Privilege escalation</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 7.5</li> <li><strong>Authentication Required:</strong> No</li> </ul> <h3 id="2-cve-2025-24407">2. CVE-2025-24407</h3> <ul> <li><strong>Category:</strong> Incorrect Authorization (CWE-863)</li> <li><strong>Impact:</strong> Security feature bypass</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 7.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="3-cve-2025-24408">3. CVE-2025-24408</h3> <ul> <li><strong>Category:</strong> Information Exposure (CWE-200)</li> <li><strong>Impact:</strong> Privilege escalation</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <p><em>&hellip;and 28 more vulnerabilities</em></p> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2025-24418, CVE-2025-24407, CVE-2025-24429, CVE-2025-24421, CVE-2025-24434, CVE-2025-24419, CVE-2025-24427, CVE-2025-24435, CVE-2025-24426, CVE-2025-24428, CVE-2025-24425, CVE-2025-24415, CVE-2025-24412, CVE-2025-24423, CVE-2025-24413, CVE-2025-24438, CVE-2025-24409, CVE-2025-24437, CVE-2025-24406, CVE-2025-24411, CVE-2025-24414, CVE-2025-24416, CVE-2025-24422, CVE-2025-24432, CVE-2025-24436, CVE-2025-24410, CVE-2025-24408, CVE-2025-24417, CVE-2025-24420, CVE-2025-24430, CVE-2025-24424</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb25-08.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2024/06/11/apsb-adobecommerce-security-update.html Tue, 11 Jun 2024 01:00:00 -0400 http://adobedigest.micro.blog/2024/06/11/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB24-40</li> <li><strong>Published:</strong> June 11, 2024</li> <li><strong>Priority:</strong> 1</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 10</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.7 and earlier2.4.6-p5 and earlier2.4.5-p7 and earlier2.4.4-p8 and earlier2.4.3-ext-7 and earlier<em>2.4.2-ext-7 and earlier</em></li> <li><strong>Magento Open Source:</strong> 2.4.7 and earlier2.4.6-p5 and earlier2.4.5-p7 and earlier2.4.4-p8 and earlier</li> <li><strong>Adobe Commerce Webhooks Plugin:</strong> 1.2.0 to 1.4.0</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 10</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Important:</strong> 3</li> <li><strong>Critical:</strong> 7</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2024-34111">1. CVE-2024-34111</h3> <ul> <li><strong>Category:</strong> Server-Side Request Forgery (SSRF) (CWE-918)</li> <li><strong>Impact:</strong> Arbitrary code execution</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.5</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="2-cve-2024-34102">2. CVE-2024-34102</h3> <ul> <li><strong>Category:</strong> Improper Restriction of XML External Entity Reference (&lsquo;XXE&rsquo;) (CWE-611)</li> <li><strong>Impact:</strong> Arbitrary code execution</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 9.8</li> <li><strong>Authentication Required:</strong> No</li> </ul> <h3 id="3-cve-2024-34103">3. CVE-2024-34103</h3> <ul> <li><strong>Category:</strong> Improper Authentication (CWE-287)</li> <li><strong>Impact:</strong> Privilege escalation</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.1</li> <li><strong>Authentication Required:</strong> No</li> </ul> <p><em>&hellip;and 7 more vulnerabilities</em></p> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2024-34103, CVE-2024-34108, CVE-2024-34105, CVE-2024-34110, CVE-2024-34107, CVE-2024-34104, CVE-2024-34111, CVE-2024-34106, CVE-2024-34109, CVE-2024-34102</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb24-40.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2024/04/09/apsb-adobecommerce-security-update.html Tue, 09 Apr 2024 01:00:00 -0400 http://adobedigest.micro.blog/2024/04/09/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB24-18</li> <li><strong>Published:</strong> April 09, 2024</li> <li><strong>Priority:</strong> 3</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 2</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.7-beta3 and earlier2.4.6-p4 and earlier2.4.5-p6 and earlier2.4.4-p7 and earlier2.4.3-ext-6 and earlier<em>2.4.2-ext-6 and earlier</em></li> <li><strong>Magento Open Source:</strong> 2.4.7-beta3 and earlier2.4.6-p4 and earlier2.4.5-p6 and earlier2.4.4-p7 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 2</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Critical:</strong> 2</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2024-20758">1. CVE-2024-20758</h3> <ul> <li><strong>Category:</strong> Improper Input Validation (CWE-20)</li> <li><strong>Impact:</strong> Arbitrary code execution</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 9</li> <li><strong>Authentication Required:</strong> No</li> </ul> <h3 id="2-cve-2024-20759">2. CVE-2024-20759</h3> <ul> <li><strong>Category:</strong> Cross-site Scripting (Stored XSS) (CWE-79)</li> <li><strong>Impact:</strong> Arbitrary code execution</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2024-20759, CVE-2024-20758</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb24-18.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2024/02/13/apsb-adobecommerce-security-update.html Tue, 13 Feb 2024 01:00:00 -0400 http://adobedigest.micro.blog/2024/02/13/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB24-03</li> <li><strong>Published:</strong> February 13, 2024</li> <li><strong>Priority:</strong> 3</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 5</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.6-p3 and earlier2.4.5-p5 and earlier2.4.4-p6 and earlier2.4.3-ext-5 and earlier<em>2.4.2-ext-5 and earlier</em></li> <li><strong>Magento Open Source:</strong> 2.4.6-p3 and earlier2.4.5-p5 and earlier2.4.4-p6 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 5</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Moderate:</strong> 1</li> <li><strong>Important:</strong> 2</li> <li><strong>Critical:</strong> 2</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2024-20719">1. CVE-2024-20719</h3> <ul> <li><strong>Category:</strong> Cross-site Scripting (Stored XSS) (CWE-79)</li> <li><strong>Impact:</strong> Arbitrary code execution</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 9.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="2-cve-2024-20720">2. CVE-2024-20720</h3> <ul> <li><strong>Category:</strong> Improper Neutralization of Special Elements used in an OS Command (&lsquo;OS Command Injection&rsquo;) (CWE-78)</li> <li><strong>Impact:</strong> Arbitrary code execution</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 9.1</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="3-cve-2024-20716">3. CVE-2024-20716</h3> <ul> <li><strong>Category:</strong> Uncontrolled Resource Consumption (CWE-400)</li> <li><strong>Impact:</strong> Application denial-of-service</li> <li><strong>Severity:</strong> Important</li> <li><strong>CVSS Score:</strong> 5.7</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <p><em>&hellip;and 2 more vulnerabilities</em></p> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2024-20720, CVE-2024-20719, CVE-2024-20716, CVE-2024-20718, CVE-2024-20717</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb24-03.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p> https://experiencedigest.org/2023/10/10/apsb-adobecommerce-security-update.html Tue, 10 Oct 2023 01:00:00 -0400 http://adobedigest.micro.blog/2023/10/10/apsb-adobecommerce-security-update.html <h2 id="bulletin-information">Bulletin Information</h2> <ul> <li><strong>Bulletin ID:</strong> APSB23-50</li> <li><strong>Published:</strong> October 10, 2023</li> <li><strong>Priority:</strong> 3</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVE Count:</strong> 9</li> </ul> <h2 id="affected-versions">Affected Versions</h2> <ul> <li><strong>Adobe Commerce:</strong> 2.4.7-beta1 and earlier2.4.6-p2 and earlier2.4.5-p4 and earlier2.4.4-p5 and earlier2.4.3-ext-4 and earlier<em>2.4.2-ext-4 and earlier</em>2.4.1-ext-4 and earlier<em>2.4.0-ext-4 and earlier</em>2.3.7-p4-ext-4 and earlier*</li> <li><strong>Magento Open Source:</strong> 2.4.7-beta1 and earlier2.4.6-p2 and earlier2.4.5-p4 and earlier2.4.4-p5 and earlier</li> </ul> <h2 id="vulnerability-details">Vulnerability Details</h2> <p><strong>Total Vulnerabilities:</strong> 9</p> <p><strong>Severity Breakdown:</strong></p> <ul> <li><strong>Important:</strong> 2</li> <li><strong>Critical:</strong> 7</li> </ul> <p><strong>Key Vulnerabilities:</strong></p> <h3 id="1-cve-2023-38218">1. CVE-2023-38218</h3> <ul> <li><strong>Category:</strong> Improper Input Validation (CWE-20)</li> <li><strong>Impact:</strong> Privilege escalation</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.8</li> <li><strong>Authentication Required:</strong> No</li> </ul> <h3 id="2-cve-2023-38219">2. CVE-2023-38219</h3> <ul> <li><strong>Category:</strong> Cross-site Scripting (Stored XSS) (CWE-79)</li> <li><strong>Impact:</strong> Privilege escalation</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 8.4</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <h3 id="3-cve-2023-38220">3. CVE-2023-38220</h3> <ul> <li><strong>Category:</strong> Improper Authorization (CWE-285)</li> <li><strong>Impact:</strong> Security feature bypass</li> <li><strong>Severity:</strong> Critical</li> <li><strong>CVSS Score:</strong> 7.5</li> <li><strong>Authentication Required:</strong> Yes</li> </ul> <p><em>&hellip;and 6 more vulnerabilities</em></p> <h2 id="cve-identifiers">CVE Identifiers</h2> <p>CVE-2023-38251, CVE-2023-38219, CVE-2023-38250, CVE-2023-38220, CVE-2023-26366, CVE-2023-26367, CVE-2023-38249, CVE-2023-38221, CVE-2023-38218</p> <hr> <p><a href="https://helpx.adobe.com/security/products/magento/apsb23-50.html"><strong>Read Full Bulletin on Adobe Security Portal →</strong></a></p>