Adobe issued
an out-of-band security advisory and issued patches for six vulnerabilities,
three critical, in its Magento Commerce and Open Source products.

The Adobe
products affected are Commerce 2.3.3, Open Source 2.3.3, Enterprise Edition 1.14.4.3
and Community Edition 1.9.4.3.

The three
critical vulnerabilities are CVE-2020-3716, CVE-2020-3718 and CVE-2020-3719.
The first two, respectively, have a deserialization of untrusted data and
security bypass flaws that can lead to arbitrary code execution. The final
issue is a SQI injection that if exploited could lead to sensitive information
disclosure.

The
remaining vulnerabilities, CVE-2020-3715, CVE-2020-3758 and CVE-2020-3717, also
can lead to sensitive information disclosure if exploited by an attacker. The
first two are stored cross-site scripting issues and the last deals with a path
traversal flaw.

Adobe is recommending users update to the latest version of the software.