CosmicSting Exploit Still Poses a Threat
25 Jul 2024
Albert Wood
In June, an exploit within the Magento code was discovered that allows RCE (remote code execution) to occur from the frontend of Magento Stores. According to Sansec’s stats, roughly three out of four websites using Magento Adobe Commerce have not sufficiently patched against CosmicSting, which puts them at risk of XML external entity injection (XXE) and remote code execution (RCE).
Did you know that “CosmicSting (CVE-2024-34102) is the worst bug to hit Magento and Adobe Commerce stores in two years?” Sansec says the attack has been automated to scale to thousands of websites since July 1st.
Attack
Sansec discovered widespread abuse of this attack in the wild:
- CosmicSting is used to read the encryption key
- The encryption key generates a JSON Web Token, giving the hacker full administrative API access to various endpoints for attackers to abuse. Fraudulent orders may be placed via POST /V1/orders, and customer personal identifiable information can be stolen via GET /V1/customers/{id. The /V1/cmsBlock endpoints are even more appealing to attackers.
- A list of existing CMS blocks is obtained.
- All CMS blocks, including promotions, footers, etc., are updated to include malicious scripts at the bottom of each block.
Adobe, who owns Magento, has alerted the community to this threat and published patches. Unfortunately, Adobe has now informed us that even with the patches released in June, there is still a risk of remote code execution (RCE) attacks. Hopefully, you already have this information and have had it taken care of. If you have not, we will gladly assist you with applying this critical patch.
What You Need to Do
We advise clients to take immediate action based on their patch status:
- Option 1: If you haven’t applied any patches, apply the security update and hotfix and rotate your encryption keys.
- Option 2: If you applied the original patch and/or isolated patch, apply the new hotfix and rotate your encryption keys.
- Option 3: If you applied both patches, apply the new hotfix and rotate your encryption keys to ensure you’re still safe.
Additional Recommendations
Ensure that production and non-production environments help ensure your store is completely patched on all instances. Contact us to schedule this vital patch to keep your website secure.
Albert Wood
Albert Wood is an accomplished eCommerce Business Analyst. As a technology futurist and sales motivator at ioVista, Albert is dedicated to transforming struggling eCommerce businesses into thriving enterprises. With a keen focus on client’s business processes, user experience (UX), and leveraging the power of digital marketing, he helps businesses optimize their online presence and drive sustainable growth. Albert’s passion is for virtual reality (VR), augmented reality (AR), and mixed reality (MR), immersing himself in unforgettable experiences and exploring the limitless possibilities they offer. His enthusiasm for these emerging technologies fuels his drive to push the boundaries of innovation in eCommerce.
Popular Posts
-
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Commerce Security Update APSB25-50: Key Highlights
Albert Wood
11 Jun 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentB2B Excellence Starts with Adobe Commerce (Magento) - Not WooCommerce
Albert Wood
03 Jun 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAI and ML in B2B: A Vision for the Future of Commerce by 2025
Albert Wood
27 May 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web Development20 Next-Gen B2B eCommerce Features that will Dominate in 2025
Albert Wood
20 May 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWooCommerce to BigCommerce Migration Fuels Your B2B eCommerce Growth
Albert Wood
06 May 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Commerce SaaS: How Will It Empower Your eCommerce Business?
Albert Wood
22 Apr 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentLeverage ERP Integration to Scale Your B2B eCommerce Business in 2025
Albert Wood
15 Apr 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Commerce Security Update APSB25-26: All You Need to Know
Albert Wood
10 Apr 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Commerce 2.4.8 Release: Key Highlights
Albert Wood
10 Apr 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWhy Scaling Business Should Migrate WooCommerce Stores to Shopify
Albert Wood
08 Apr 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWhy Does Adobe Commerce (Magento) Lead the Way of B2B eCommerce
Albert Wood
18 Mar 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web Development10 Key Drivers of Digital Transformation in B2B eCommerce for 2025
Albert Wood
04 Mar 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web Development5 Leading eCommerce Platforms to Build Scalable B2B Customer Portals
Albert Wood
25 Feb 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentGoogle Search Ranking Volatility: All You Need to Know
Albert Wood
18 Feb 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Commerce Security Update APSB25-08: All You Need to Know
Albert Wood
13 Feb 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web Development7 Strategic Benefits of an Online B2B Customer Portal
Albert Wood
11 Feb 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWhat Makes a Great Online B2B Customer Portal? Top 10 Features to Know
Albert Wood
04 Feb 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentLegacy B2B eCommerce Systems Slowing You Down? It's Time for Modernization
Albert Wood
28 Jan 2025 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentEssential B2B Commerce Features for 2024
Albert Wood
20 Nov 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentSecurity Update Available for Adobe Commerce | APSB24-90
Albert Wood
20 Nov 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWhy Choose Hyvä Enterprise for Your Adobe Commerce Store?
Albert Wood
19 Nov 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentSecurity Update APSB24-73 for Adobe Commerce: Everything You Need to Know
Albert Wood
14 Oct 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentCosmicSting Exploit Still Poses a Threat
Albert Wood
25 Jul 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentCosmicSting: Unauthorized XXE Vulnerability
Albert Wood
17 Jul 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentHyvä Theme for Magento 2: Uncover Powerful Features – Evaluate Pros and Cons
Albert Wood
16 Jul 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentMagento 2.4.7: Explore the Newest Enhancements and Features
Albert Wood
30 Apr 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentMagento 2.4.6-p5: Enhancing Stability and Security
Albert Wood
22 Apr 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentEverything You Need To Know About eCommerce SEO in 2024
Albert Wood
16 Apr 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentThe Impact of Site Speed on eCommerce SEO Performance
Albert Wood
14 Feb 2024 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentioVista Attains B2B Specialization on BigCommerce
Albert Wood
30 Oct 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web Development5 Ways to Boost eCommerce Sales in 2024
Albert Wood
21 Sep 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentIt’s Official: ioVista Has Become a Recognized Adobe Specialized Partner
Albert Wood
05 Sep 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentMagento 2.4.7-beta1 Release
Albert Wood
15 Aug 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWhy Are You Still Using Yahoo Stores in 2023?
Albert Wood
05 Jul 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentioVista Announced as a 2023 Local Excellence Award Winner by UpCity
Albert Wood
09 May 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentGoogle Analytics 4: What You Need To Know
Albert Wood
29 Mar 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Commerce 2.4.6 Release
Albert Wood
13 Mar 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentQuestions You Should Ask Your Magento Agency
Albert Wood
17 Feb 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web Development7 Proven Strategies to Increase B2B/Wholesale eCommerce Revenue
Albert Wood
01 Feb 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web Development10 eCommerce Trends to Increase your Sales in 2023
Albert Wood
12 Jan 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentB2B eCommerce Features Your Store Need in 2023
Albert Wood
05 Jan 2023 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe/Magento Highlights 2022 - Is your store Up-to-Date
Albert Wood
20 Dec 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentBigCommerce Releases StagingPro for Enterprise Merchants and Agency Developers
Albert Wood
15 Dec 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe discontinues Support for the 2.4.0-2.4.3 Release Line
Albert Wood
09 Dec 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentBFCM Round-Up – Get Your Store Ready for Christmas 2022!
Albert Wood
07 Dec 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentUniversal Analytics Going Away: What Does it Mean, What you need to Do?
Albert Wood
24 Nov 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web Development40% of Magento and Adobe Commerce Websites at Risk in November 2022
Albert Wood
17 Nov 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentioVista Awarded the Best B2B Company 2022
Albert Wood
04 Nov 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Releases Critical Security Patches for Magento 2.4.5 and 2.4.4
Albert Wood
27 Oct 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentHoliday Season Best Practices for eCommerce
Albert Wood
20 Oct 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentioVista is Sponsoring the Largest eCommerce Event in Dallas
Albert Wood
07 Oct 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentMagento 2 Vulnerability: Surge in Hacking on Unpatched Stores
Albert Wood
27 Sep 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentGet your Holiday eCommerce Marketing Started with These 5 Tips
Albert Wood
15 Sep 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWhy a Magento Code Audit is Essential for your eCommerce Store
Albert Wood
10 Sep 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentLaunching a Successful eCommerce Store
Albert Wood
30 Aug 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentChoosing the Right eCommerce Platform for B2B
Albert Wood
25 Aug 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentThe Challenges of eCommerce in Manufacturing and how to Overcome them
Albert Wood
17 Aug 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Releases Magento Open Source and Adobe Commerce 2.4.5
Albert Wood
10 Aug 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentHow Manufacturers can Switch to eCommerce
Albert Wood
02 Aug 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentBenefits of eCommerce for Manufacturing
Albert Wood
25 Jul 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentMagento 2.3.x End-of-Life in September 2022
Albert Wood
19 Jul 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentThe Growth of eCommerce and its impact on the Manufacturing Industry
Albert Wood
01 Jul 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentThe Future of Manufacturing Business is Digital
Albert Wood
24 Jun 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentMagento Open Source Vs Commerce Vs Cloud: How to Pick your Edition
Albert Wood
14 Jun 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentIs your Store Optimized? How do you Measure eCommerce Conversion Rates?
Albert Wood
11 May 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentioVista Recognized for B2B Services: Excellence Award Winner 2022
Albert Wood
03 May 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentHow to Optimize Your eCommerce Store for Conversions
Albert Wood
29 Apr 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentBigCommerce Strengthens Its Hold in B2B eCommerce Landscape: Acquires Bundle B2B
Albert Wood
27 Apr 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentFuture Proof your Digital Commerce with Headless Commerce
Albert Wood
21 Apr 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Commerce 2.4.4 Release: Faster, Better, More Scalable
Albert Wood
13 Apr 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe Commerce and Magento 1 Sites at Risk: Magento Vulnerabilities Exploited
Albert Wood
29 Mar 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentIs Your Business Ready for Digital Transformation? The Key Steps!
Albert Wood
01 Mar 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentCVE-2022-24086 What is it?
Albert Wood
16 Feb 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentFebruary 2022, over 500 Legacy Magento 1 Websites Hacked!
Albert Wood
15 Feb 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentProgressive Web App: A well-established Approach to Architecting a Modern Website
Albert Wood
11 Feb 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAdobe released a new End of Support Date for Magento 2.3.x
Albert Wood
04 Feb 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentThe How & Why: Successful Data-Driven Marketing for eCommerce Stores
Albert Wood
13 Jan 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentHow to Find Right Audience for your Online Business
Albert Wood
10 Jan 2022 -
Adobe Commerce, E-Commerce, Magento, News, Web Development5 Key Reasons to Enable Social Commerce Channels for your Store
Albert Wood
17 Dec 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentioVista is honored to be one of the Top 1000 Companies 2021
Albert Wood
13 Dec 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentAre Your FB, Instagram, Pinterest Accounts Geared for Social Shopping?
Albert Wood
30 Nov 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentFive BFCM Strategies Merchants Love To Implement For Holidays
Albert Wood
26 Oct 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentHow to Meet Holiday Shoppers’ Needs With an Omnichannel Approach
Albert Wood
20 Oct 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentSupport for Magento Commerce 2.3 and Magento Open Source 2.3 Ends
Albert Wood
05 Oct 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWhy your Business Needs Marketing Automation this Holiday Season
Albert Wood
30 Sep 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentHow Augmented Reality can Deliver more Engaging Shopping Experiences
Albert Wood
21 Sep 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentThese 5 Local Business Marketing Strategies Will Transform Your Business
Albert Wood
17 Sep 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentHow eCommerce can be the Game Changer for Warehouses
Albert Wood
08 Sep 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentMagento 2.4.3 has arrived! Everything you Need to Know
Albert Wood
11 Aug 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentioVista named 2021 Top B2B Company in Dallas and Texas
Albert Wood
05 Aug 2021 -
Adobe Commerce, E-Commerce, Magento, News, Web DevelopmentWhy Every Business Should Be on eCommerce
Albert Wood
29 Jul 2021
Let’s work together to create outstanding digital experiences.
With 20+ years of industry experience, ioVista understands your eCommerce needs and delivers best-in-class solutions that help you gain a competitive edge.
or Call us at: +1 214-699-4391
TOP
Get in Touch