an out-of-band security advisory and issued patches for six vulnerabilities,
three critical, in its Magento Commerce and Open Source products.
products affected are Commerce 2.3.3, Open Source 2.3.3, Enterprise Edition 126.96.36.199
and Community Edition 188.8.131.52.
critical vulnerabilities are CVE-2020-3716, CVE-2020-3718 and CVE-2020-3719.
The first two, respectively, have a deserialization of untrusted data and
security bypass flaws that can lead to arbitrary code execution. The final
issue is a SQI injection that if exploited could lead to sensitive information
remaining vulnerabilities, CVE-2020-3715, CVE-2020-3758 and CVE-2020-3717, also
can lead to sensitive information disclosure if exploited by an attacker. The
first two are stored cross-site scripting issues and the last deals with a path
Adobe is recommending users update to the latest version of the software.
Want to read more?
Please login or register first to view this content.