Adobe Releases Critical Security Updates for Magento

As part of its August 2021 Patch Tuesday, Adobe has rolled out fixes for its e-commerce platform, Magento. These updates address 26 vulnerabilities, 20 of which have been rated as critical. On successful exploitation, most of these vulnerabilities could lead to arbitrary code execution. Apart from Magento, Adobe also released security updates for its conferencing software, Connect. The updates for Connect fix 3 security flaws that are rated as important and could lead to arbitrary code execution.

Adobe Magento is an open-source e-commerce platform best known for its speed, scalability, and customization. As of last year, Magento accounted for about 12% of the global e-commerce sites. Adobe Connect is a powerful and flexible conferencing application and provides online training, webinars, and collaboration facilities.


Adobe Security Bulletin Summary for August 2021

A summary of the vulnerabilities is given below. Note that none of these vulnerabilities are being exploited in the wild.

Adobe Magento – APSB21-64

Affected Versions:
Magento Commerce: versions 2.4.2 and earlier, 2.4.2-p1 and earlier, 2.3.7 and earlier
Magento Open Source: 2.4.2-p1 and earlier versions, 2.3.7 and earlier versions

CVEs: CVE-2021-36021, CVE-2021-36024, CVE-2021-36025, CVE-2021-36034, CVE-2021-36035, CVE-2021-36040, CVE-2021-36041, and CVE-2021-36042
Severity: Critical
Vulnerability: Improper Input Validation
Impact: Arbitrary Code Execution


CVEs: CVE-2021-36022 and CVE-2021-36023
Severity: Critical
Vulnerability: OS Command Injection
Impact: Arbitrary Code Execution


CVEs: CVE-2021-36028, CVE-2021-36033 and CVE-2021-36020
Severity: Critical
Vulnerability: XML Injection
Impact: Arbitrary Code Execution


CVEs: CVE-2021-36036
Severity: Critical
Vulnerability: Improper Access Control
Impact: Arbitrary Code Execution


CVEs: CVE-2021-36029
Severity: Critical
Vulnerability: Improper Authorization
Impact: Security Feature Bypass


CVEs: CVE-2021-36032
Severity: Critical
Vulnerability: Improper Input Validation
Impact: Privilege Escalation


CVEs: CVE-2021-36043
Severity: Critical
Vulnerability: Server-Side Request Forgery
Impact: Arbitrary Code Execution


CVEs: CVE-2021-36044
Severity: Critical
Vulnerability: Improper Input Validation
Impact: Application Denial-of-Service


CVEs: CVE-2021-36030
Severity: Critical
Vulnerability: Improper Input Validation
Impact: Security Feature Bypass


CVEs: CVE-2021-36031
Severity: Critical
Vulnerability: Path Traversal
Impact: Arbitrary Code Execution


CVEs: CVE-2021-36012
Severity: Important
Vulnerability: Business Logic Errors
Impact: Security Feature Bypass


CVEs: CVE-2021-36026 and CVE-2021-36027
Severity: Important
Vulnerability: Cross-site Scripting
Impact: Arbitrary Code Execution


CVEs: CVE-2021-36037
Severity: Important
Vulnerability: Improper Authorization
Impact: Security Feature Bypass


CVEs: CVE-2021-36038
Severity: Important
Vulnerability: Incorrect Authorization
Impact: Security Feature Bypass


CVEs: CVE-2021-36039
Severity: Important
Vulnerability: Improper Input Validation
Impact: Arbitrary file system read


Adobe Connect – APSB21-66

Affected Versions:
Adobe Connect: 11.2.2 and earlier versions

CVEs: CVE-2021-36061
Severity: Important
Vulnerability: Violation of Secure Design Principles
Impact: Security Feature Bypass


CVEs: CVE-2021-36062 and CVE-2021-36063
Severity: Critical
Vulnerability: Cross-site Scripting
Impact: Arbitrary Code Execution


SanerNow VM detects these vulnerabilities. We strongly recommend applying the security updates for all of these vulnerabilities as a high priority.

1 Comment
SPF

Nice! This information is very useful. Thanks for sharing this, keep sharing such information…