Adobe this week released a security update fixing four vulnerabilities – two critical – in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms.The two most significant bugs are identified as a path traversal flaw (CVE-2020-9689) and a Security Mitigation bypass (CVE-2020-9692), both of which can result in arbitrary code execution. The first issue is credited was reported by Edgar Boda-Majer of Bugscale and Blaklis, and the second was reported by Boda-Majer alone.The remaining two vulnerabilities are categorized as important and consist of an observable timing discrepancy that can lead to a signature verification bypass and a DOM-based cross-site scripting bug that can result in arbitrary code execution.The problems have been fixed in Magento Commerce 2 versions 2.4.0 and 2.3.5-p2, and Magento Open Source 2 versions 2.4.0 and 2.3.5-p2.
Network Security, Patch/Configuration Management, Vulnerability Management
Adobe mends critical code execution flaws in Magento
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Bradley Barth
As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds