As part of its August 2021 Patch Tuesday, Adobe has rolled out fixes for its e-commerce platform, Magento. These updates address 26 vulnerabilities, 20 of which have been rated as critical. On successful exploitation, most of these vulnerabilities could lead to arbitrary code execution. Apart from Magento, Adobe also released security updates for its conferencing software, Connect. The updates for Connect fix 3 security flaws rated as important and could lead to arbitrary code execution. All this can be done using a vulnerability management tool.
Adobe Magento is an open-source e-commerce platform best known for its speed, scalability, and customization. As of last year, Magento accounted for about 12% of the global e-commerce sites. Adobe Connect is a powerful and flexible conferencing application and provides online training, webinars, and collaboration facilities. Moreover, a patch management solution can patch these vulnerabilities.
Adobe Security Bulletin Summary for August 2021
A summary of the vulnerabilities is given below. Note that none of these vulnerabilities are being exploited in the wild.
Adobe Magento – APSB21-64
Affected Versions:
Magento Commerce: versions 2.4.2 and earlier, 2.4.2-p1 and earlier, 2.3.7 and earlier
Magento Open Source: 2.4.2-p1 and earlier versions, 2.3.7Â and earlier versions
- CVEs: CVE-2021-36021, CVE-2021-36024, CVE-2021-36025, CVE-2021-36034, CVE-2021-36035, CVE-2021-36040, CVE-2021-36041, and CVE-2021-36042
Severity: Critical
Vulnerability: Improper Input Validation
Impact: Arbitrary Code Execution
2. CVEs: CVE-2021-36022 and CVE-2021-36023
Severity: Critical
Vulnerability: OS Command Injection
Impact: Arbitrary Code Execution
3. CVEs: CVE-2021-36028, CVE-2021-36033 and CVE-2021-36020
Severity: Critical
Vulnerability: XML Injection
Impact: Arbitrary Code Execution
4. CVEs: CVE-2021-36036
Severity: Critical
Vulnerability: Improper Access Control
Impact: Arbitrary Code Execution
5. CVEs: CVE-2021-36029
Severity: Critical
Vulnerability: Improper Authorization
Impact: Security Feature Bypass
6. CVEs: CVE-2021-36032
Severity: Critical
Vulnerability: Improper Input Validation
Impact: Privilege Escalation
7. CVEs: CVE-2021-36043
Severity: Critical
Vulnerability: Server-Side Request Forgery
Impact: Arbitrary Code Execution
8. CVEs: CVE-2021-36044
Severity: Critical
Vulnerability: Improper Input Validation
Impact: Application Denial-of-Service
9. CVEs: CVE-2021-36030
Severity: Critical
Vulnerability: Improper Input Validation
Impact: Security Feature Bypass
10. CVEs: CVE-2021-36031
Severity: Critical
Vulnerability: Path Traversal
Impact: Arbitrary Code Execution
11. CVEs: CVE-2021-36012
Severity: Important
Vulnerability: Business Logic Errors
Impact: Security Feature Bypass
12. CVEs: CVE-2021-36026 and CVE-2021-36027
Severity: Important
Vulnerability: Cross-site Scripting
Impact: Arbitrary Code Execution
13. CVEs: CVE-2021-36037
Severity: Important
Vulnerability: Improper Authorization
Impact: Security Feature Bypass
14. CVEs: CVE-2021-36038
Severity: Important
Vulnerability: Incorrect Authorization
Impact: Security Feature Bypass
15. CVEs: CVE-2021-36039
Severity: Important
Vulnerability: Improper Input Validation
Impact: Arbitrary file system read
Adobe Connect – APSB21-66
Affected Versions:
Adobe Connect: 11.2.2 and earlier versions
CVEs: CVE-2021-36061
Severity: Important
Vulnerability: Violation of Secure Design Principles
Impact: Security Feature Bypass
CVEs: CVE-2021-36062 and CVE-2021-36063
Severity: Critical
Vulnerability: Cross-site Scripting
Impact: Arbitrary Code Execution
SanerNow VM detects these vulnerabilities. We strongly recommend applying the security updates for all vulnerabilities on high priority.
Nice! This information is very useful. Thanks for sharing this , keep sharing such information…