Security Update Available for Adobe Commerce | APSB24-90

20 Nov 2024

Albert Wood

Adobe has released a critical security update (APSB24-90) to address vulnerabilities in Adobe Commerce. These vulnerabilities could allow attackers to compromise e-commerce websites, access sensitive information, or disrupt operations. Merchants and administrators are strongly urged to apply these updates immediately to secure their platforms.

Overview of the Update

This update addresses a set of vulnerabilities discovered in Adobe Commerce, a widely used e-commerce platform. Adobe is committed to ensuring the security of its customers and has worked swiftly to patch these issues.

Key details of the update:

Severity Rating: Critical
Impact: Successful exploitation could lead to unauthorized access, sensitive data exposure, or code execution.
Affected Versions: Adobe Commerce and Magento Open Source powered by Commerce Services and deployed as SaaS (software as a service).3.2.5 and earlier version.

Vulnerability Details

The vulnerabilities addressed include:

Cross-Site Scripting (XSS): Malicious scripts could be executed on the client side, potentially stealing session tokens or sensitive information.
SQL Injection: Attackers could manipulate database queries, allowing access to unauthorized data.
Remote Code Execution (RCE): Malicious actors could execute arbitrary code, compromising the underlying system.

For a complete list of vulnerabilities and their Common Vulnerabilities and Exposures (CVE) identifiers, refer to Adobe’s official security bulletin.

Recommended Actions

To protect your business and customers, take the following steps:

Apply the Update Immediately: Download and install the security patch from the Adobe Commerce release page.

Review Your System: Check for any signs of unauthorized access and secure sensitive information.

Follow Best Practices: Regularly update your software, use strong access controls, and monitor your system for suspicious activity.

Albert Wood

Albert Wood is an accomplished eCommerce Business Analyst. As a technology futurist and sales motivator at ioVista, Albert is dedicated to transforming struggling eCommerce businesses into thriving enterprises. With a keen focus on client’s business processes, user experience (UX), and leveraging the power of digital marketing, he helps businesses optimize their online presence and drive sustainable growth. Albert’s passion is for virtual reality (VR), augmented reality (AR), and mixed reality (MR), immersing himself in unforgettable experiences and exploring the limitless possibilities they offer. His enthusiasm for these emerging technologies fuels his drive to push the boundaries of innovation in eCommerce.