{"cisa_kev": [{"lastseen": "2023-07-21T17:22:44", "description": "Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-15T00:00:00", "type": "cisa_kev", "title": "Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-02-15T00:00:00", "id": "CISA-KEV-CVE-2022-24086", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "githubexploit": [{"lastseen": "2022-02-16T20:29:27", "description": "# FIX CVE-2022-24086 for magento 1.9 \n\nFix a potential security ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T08:50:33", "type": "githubexploit", "title": "Exploit for CVE-2022-24086", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-24086"], "modified": "2022-02-16T08:50:33", "id": "1E7300FA-11EA-58E9-9103-0E1550835735", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2022-03-31T07:01:29", "description": "# CVE-2022-24086-RCE\nCVE-2022-24086 Exploitation tool written in...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-15T05:11:23", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Adobe Commerce", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-03-28T01:21:39", "id": "5BDA94D2-18F1-5855-A319-43D825ABC44D", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-29T21:04:49", "description": "# CVE-2022-24086-RCE\nCVE-2022-24086 RCE\n\n\n## Description\nAdobe ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-26T10:12:45", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Adobe Commerce", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-03-29T17:37:30", "id": "07D5C361-86D6-50D1-87E6-E6839DCDD98C", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-17T23:16:09", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-18T17:49:03", "type": "githubexploit", "title": "Exploit for Improper Input Validation in Adobe Commerce", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-07-18T17:52:47", "id": "65128391-14D6-5704-9922-C833B48B3654", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-27T23:41:55", "description": "# CVE-2022-24087-RCE and CVE-2022-24086-RCE \n\n## CVE description...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-19T23:33:24", "type": "githubexploit", "title": "Exploit for CVE-2022-24087", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086", "CVE-2022-24087"], "modified": "2022-03-27T18:52:45", "id": "CB10FBE6-16D1-57F7-A522-30AED2746439", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "malwarebytes": [{"lastseen": "2022-02-22T21:27:08", "description": "Adobe has released an [emergency advisory](<https://helpx.adobe.com/security/products/magento/apsb22-12.html>) for users of its Commerce and Magento platforms. It explains that a critical zero-day vulnerability is actively being exploited in attacks against sites that use these two content management system (CMSs). Users should apply the patch as soon as possible.\n\n### The vulnerability\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This vulnerability has been assigned [CVE-2022-24086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24086>).\n\nThe flaw is described as an improper input validation vulnerability which could lead to arbitrary code execution. The vulnerability is exploitable without credentials and is rated as critical. It has been rated with a [CVSS score](<https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/>) of 9.8 out of 10.\n\nA remote and unauthorized attacker can send a malicious request to the application and execute arbitrary code on the target server. Successful exploitation of this vulnerability may result in complete compromise of the affected system.\n\nAdobe says its own security team discovered the flaw but it is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks. No other information has been provided about the vulnerability to limit the possibility of further exploitation.\n\nNeedless to say, if you operate one of the affected products, patch now.\n\n### Affected products\n\nMagento is an Adobe company that offers a hosted and self-hosted CMS for web shops. The free version of Magento is open source which offers users the option to make their own changes and allows developers to create extensions for the CMS.\n\nThe vulnerability affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions, as well as 2.3.7-p2 and earlier versions.\n\n### Magecart\n\nOnly recently we published a blog about [a new Magecart campaign](<https://blog.malwarebytes.com/web-threats/2022/02/a-new-magecart-campaign-is-making-waves/>) which was aimed at Magento sites, but that campaign primarily targeted the Magento 1 version of the CMS which has reached end-of-life (EOL) and has not been supported since June 30, 2020. Were Magecart to get its hands on this vulnerability, that would raise the number of potential targets by hundreds of thousands.\n\n### Keeping your site safe\n\nWe have written an extensive post about [how to defend your website against skimmers](<https://blog.malwarebytes.com/web-threats/2021/11/how-to-defend-your-website-against-card-skimmers/>), but in summary, here\u2019s what you need to do to keep your site safe:\n\n * Make sure that the systems used to administer the site are clean of malware.\n * Use strong passwords and do not reuse them.\n * Limit the number of administrators.\n * Keep your site\u2019s software updated.\n * Use a Web Application Firewall (WAF).\n * Know that each dependency is a potential backdoor into your web pages.\n * Use a [Content Security Policy](<https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP>) (CSP).\n * Make sure you are made aware in case of problems, either by checking yourself or by having it done for you.\n\n### How to apply a patch\n\nUnzip the relevant file which you can select [here](<https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12->) and follow the instructions in [how to apply a composer patch provided by Adobe](<https://support.magento.com/hc/en-us/articles/360028367731>).\n\nStay safe, everyone!\n\nThe post [Adobe patches actively exploited Magento/Adobe Commerce zero-day](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/adobe-patches-actively-exploited-magento-adobe-commerce-zero-day/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-14T13:55:44", "type": "malwarebytes", "title": "Adobe patches actively exploited Magento/Adobe Commerce zero-day", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-02-14T13:55:44", "id": "MALWAREBYTES:A70198E4ACB6F4F253C40B6AE02D4AEE", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/adobe-patches-actively-exploited-magento-adobe-commerce-zero-day/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:37:34", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEjAvzSRPEa5Cyn0JsryF7oS_6AHNnwOooZg0BVfdmViqJ-Xmd7dbn9xKqHshyLexGYHcyWvwzI6LLjJpE1bRjWc_k_TwngmWH9vRklq2n5v3kZLj6KpfrEnQa1JND_w2eDH_E0n0HfvjejXCkMIdB8fKFH1Uj4eglzv9tibQfoKvzpui-f_af-obYRR>)\n\nAdobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild.\n\nTracked as [CVE-2022-24086](<https://helpx.adobe.com/security/products/magento/apsb22-12.html>), the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring system and has been characterized as an \"[improper input validation](<https://cwe.mitre.org/data/definitions/20.html>)\" issue that could be weaponized to achieve arbitrary code execution. \n\nIt's also a pre-authenticated flaw, meaning it could be exploited without requiring any credentials. Additionally, the California-headquartered company pointed out that the vulnerability can be exploited by an attacker with non-administrative privileges.\n\nThe flaw affects Adobe Commerce and Magento Open Source 2.4.3-p1 and earlier versions as well as 2.3.7-p2 and earlier versions. Adobe Commerce 2.3.3 and lower are not vulnerable.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEi3Q3oRZAv1o4TnsJPJiyaywRrM8JOzBR2ecTzrLu3G5ksRGm2KF01XZ73A9OkO5gAgFiWqw4sYUZoZA1CkJmuZQnQkWDinSu0NqD3LTIU_eSX7cEp9oV5natG-cbnoSsrQl_4COxejLCOG1nOimLWtRxC8q5Rfnuc7kjC1ondoOy7YmeN60U-U9mmS>)\n\n\"Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants,\" the company noted in an advisory published February 13, 2022.\n\nThe findings come as e-commerce malware and vulnerability detection company Sansec [disclosed](<https://sansec.io/research/naturalfreshmall-mass-hack>) last week about a [Magecart attack](<https://thehackernews.com/2021/12/new-payment-data-sealing-malware-hides.html>) that compromised 500 sites running the Magento 1 platform with a credit card skimmer designed to siphon sensitive payment information.\n\nAccording to a [new report](<https://community.riskiq.com/article/059a38b4/description>) published by Microsoft's RiskIQ this month, 165 unique command-and-control servers and skimmer injected URLs used by known Magecart threat actors were detected in January 2022, some of which include compromised, legitimate domains.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-14T03:26:00", "type": "thn", "title": "Critical Magento 0-Day Vulnerability Under Active Exploitation \u2014 Patch Released", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-02-15T04:08:31", "id": "THN:1661C75735E051C3457628722C91193A", "href": "https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-15T08:30:07", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhVPfu1__SgLt5GY2q7-EIJ94yH8dd8bDkLVAub40Q1UlwX8yp6Cl3dMU1ekVsiCJr4bD_3tFP9pyP22161FFMBp_7ezMC_MzGwgKOnWnZBGmmWx4O3EbZYb0z1i9YBsTzW3V4UUz0OC6a6GoL6-Go0g96BvCR9oTeWdKA4h57QRDsbOnh8wdiN8qsXiUIo/s728-e365/code.jpg>)\n\nE-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023.\n\nThe attacks, dubbed **Xurum** by Akamai, leverage a now-patched critical security flaw ([CVE-2022-24086](<https://nvd.nist.gov/vuln/detail/CVE-2022-24086>), CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.\n\n\"The attacker seems to be interested in payment stats from the orders in the victim's Magento store placed in the past 10 days,\" Akamai researchers [said](<https://www.akamai.com/blog/security-research/new-sophisticated-magento-campaign-xurum-webshell>) in an analysis published last week, attributing the campaign to actors of Russian origin.\n\nSome of the websites have also been observed to be infected with simple JavaScript-based skimmers that's designed to collect credit card information and transmit it to a remote server. The exact scale of the campaign remains unclear.\n\n[](<https://thn.news/edWGl41h> \"Cybersecurity\" )\n\nIn the attack chains observed by the company, CVE-2022-24086 is weaponized for initial access, subsequently exploiting the foothold to execute malicious PHP code that gathers information about the host and drops a web shell named wso-ng that masquerades as a Google Shopping Ads component.\n\nNot only is the web shell backdoor run in memory, it also activated only when the attacker sends the cookie \"magemojo000\" in the HTTP request, after which information about the sales order payment methods in the past 10 days is accessed and exfiltrated.\n\nThe attacks culminate with the creation of a rogue admin user with the name \"mageworx\" (or \"mageplaza\") in what appears to be a deliberate attempt to camouflage their actions as benign, for the two monikers refer to popular Magento 2 extension stores.\n\nwso-ng is said to be an [evolution](<https://www.wordfence.com/blog/2017/06/wso-shell/>) [of the](<https://blog.sucuri.net/2020/03/tiny-wso-webshell-loader.html>) [WSO web shell](<https://www.getastra.com/e/malware/infections/wso-shell-most-popular-malicious-tool-used-by-hackers>), incorporating a new hidden login page to steal credentials entered by victims. It further integrates with legitimate tools like VirusTotal and SecurityTrails to glean the infected machine's IP reputation and obtain details about other domains hosted on the same server.\n\nOnline shopping sites have been targeted for years by a [class of attacks](<https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html>) known as [Magecart](<https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html>) in which skimmer code is inserted into checkout pages with the goal of harvesting payment data entered by victims.\n\n[](<https://thn.news/Cr7gkMdK> \"Cybersecurity\" )\n\n\"The attackers have shown a meticulous approach, targeting specific Magento 2 instances rather than indiscriminately spraying their exploits across the internet,\" the researchers said.\n\n\"They demonstrate a high level of expertise in Magento and invest considerable time in understanding its internals, setting up attack infrastructure, and testing their exploits on real targets.\"\n\nIn a related development, Kaspersky disclosed that threat actors are increasingly targeting long-neglected and smaller websites with little to no traffic, specifically WordPress sites, for hosting phishing pages.\n\n\"Most of the time, phishers who hack WordPress websites do so by exploiting security holes,\" security researchers Tatyana Machneva and Olga Svistunova [said](<https://securelist.com/phishing-with-hacked-sites/110334/>). \"After a successful exploitation attempt, hackers upload a WSO web shell and use that to gain access to the website control panel, circumventing the authentication step.\"\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-08-14T13:14:00", "type": "thn", "title": "Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2023-08-15T06:42:01", "id": "THN:A8C3BF5FBC6FC3AAE21196F6A9E1FB11", "href": "https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:33", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEi_TCrgyU1JU1o2frBoSULBCPiRUYyNk6JS7srl8fg0uJ952m-NB9WlPkH-wB3w_9gTxPsh4yQPVdmm1ntRoV04nE6dERSNLWKMqEB1cOnOLuGGY5ofHJcup5dVtIxQ0o5QOx_0lO4s8M6Dp3NC05XiTpCUfHK3Dztf-y4KVHlTKyKfTnns2w3uchLg>)\n\nAdobe on Thursday updated its advisory for an [actively exploited zero-day](<https://thehackernews.com/2022/02/critical-magento-0-day-vulnerability.html>) affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution.\n\nTracked as [CVE-2022-24087](<https://helpx.adobe.com/security/products/magento/apsb22-12.html>), the issue \u2013 like CVE-2022-24086 \u2013 is rated 9.8 on the CVSS vulnerability scoring system and relates to an \"[Improper Input Validation](<https://cwe.mitre.org/data/definitions/20.html>)\" bug that could result in the execution of malicious code.\n\n\"We have discovered additional security protections necessary for CVE-2022-24086 and have released an update to address them (CVE-2022-24087),\" the company [said](<https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12->) in a revised bulletin. \"Adobe is not aware of any exploits in the wild for the issue addressed in this update (CVE-2022-24087).\"\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEhi59_l5czzomLBUvdEn23iYBeM1Fi7BtpiPQWmhKuxgOoFIbRXQ0v1N7s2GxbBCtuuG_1BBl8eKeUnWKZGIony5Vp8p6u22szfI9_IvIi4F3sqxR9P-8btW-i4B0vgQ4nHnkS2Q9y36ukZeW7pyU-YBJHtk9bfhfU1rtfL9IfNrB1bKoqdcyVOMCfB>)\n\nAs before, Adobe Commerce and Magento Open Source versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are impacted by CVE-2022-24087, but it's worth noting that versions 2.3.0 to 2.3.3 are not vulnerable.\n\n\"A new patch have [sic] been published for Magento 2, to mitigate the pre-authenticated remote code execution,\" security researcher [Blaklis](<https://twitter.com/Blaklis_/status/1494363202074914822>), who is credited with discovering the flaw alongside [Eboda](<https://twitter.com/eboda_>), tweeted. \"If you patched with the first patch, THIS IS NOT SUFFICIENT to be safe. Please update again!\"\n\nThe out-of-band update arrives as cybersecurity firm Positive Technologies [disclosed](<https://twitter.com/ptswarm/status/1494240197915123713>) it was able to successfully create an exploit for CVE-2022-24086 to gain remote code execution from an unauthenticated user, making it imperative that customers move quickly to apply the fixes to prevent possible exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T03:38:00", "type": "thn", "title": "Another Critical RCE Discovered in Adobe Commerce and Magento Platforms", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086", "CVE-2022-24087"], "modified": "2022-02-19T06:09:23", "id": "THN:707637F85A8A8E4DC491B30785DC495D", "href": "https://thehackernews.com/2022/02/another-critical-rce-discovered-in.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "prion": [{"lastseen": "2023-08-15T16:02:44", "description": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T17:15:00", "type": "prion", "title": "Adobe Commerce checkout improper input validation leads to remote code execution", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-02-22T17:40:00", "id": "PRION:CVE-2022-24086", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-24086", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cnvd": [{"lastseen": "2022-10-08T06:17:27", "description": "Adobe Commerce builds a multichannel commerce experience for B2B and B2C customers on a single platform.Adobe Commerce is vulnerable to an input validation error that can be exploited by attackers to cause arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-15T00:00:00", "type": "cnvd", "title": "Adobe Commerce Input Validation Error Vulnerability (CNVD-2022-22100)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-03-24T00:00:00", "id": "CNVD-2022-22100", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-22100", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-03-29T23:28:48", "description": "A command injection vulnerability exists in Adobe Commerce. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-29T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Commerce Command Injection (CVE-2022-24086)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-03-29T00:00:00", "id": "CPAI-2022-0084", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-24T15:44:19", "description": "A command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-26T00:00:00", "type": "checkpoint_advisories", "title": "Command Injection Over HTTP (CVE-2019-9166; CVE-2021-43936; CVE-2022-1813; CVE-2022-24086; CVE-2022-24193; CVE-2022-26536; CVE-2022-32092; CVE-2022-37810; CVE-2022-40048)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9166", "CVE-2021-43936", "CVE-2022-1813", "CVE-2022-24086", "CVE-2022-24193", "CVE-2022-26536", "CVE-2022-32092", "CVE-2022-37810", "CVE-2022-40048"], "modified": "2022-11-24T00:00:00", "id": "CPAI-2016-0658", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2023-09-12T20:30:21", "description": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-13T00:00:00", "type": "attackerkb", "title": "CVE-2022-24086", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-02-16T00:00:00", "id": "AKB:A0BF9406-8DD9-4FB9-9F2A-85513811260E", "href": "https://attackerkb.com/topics/rMfKbfukZa/cve-2022-24086", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-06-14T14:34:16", "description": "Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T17:15:00", "type": "cve", "title": "CVE-2022-24086", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086"], "modified": "2022-02-22T17:40:00", "cpe": ["cpe:/a:magento:magento:2.3.6", "cpe:/a:adobe:commerce:2.3.7", "cpe:/a:adobe:commerce:2.4.3", "cpe:/a:magento:magento:2.3.7", "cpe:/a:adobe:commerce:2.3.6", "cpe:/a:adobe:commerce:2.4.2", "cpe:/a:magento:magento:2.4.3", "cpe:/a:magento:magento:2.4.2"], "id": "CVE-2022-24086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24086", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*", "cpe:2.3:a:magento:magento:2.4.2:*:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:2.3.7:p2:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:2.3.7:p1:*:*:commerce:*:*:*", "cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*", "cpe:2.3:a:adobe:commerce:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:commerce:2.4.3:p1:*:*:*:*:*:*", "cpe:2.3:a:magento:magento:2.3.6:*:*:*:commerce:*:*:*", "cpe:2.3:a:magento:magento:2.4.3:-:*:*:commerce:*:*:*", "cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*", "cpe:2.3:a:magento:magento:2.4.3:p1:*:*:commerce:*:*:*", "cpe:2.3:a:adobe:commerce:2.3.6:*:*:*:*:*:*:*"]}], "threatpost": [{"lastseen": "2022-02-14T16:51:42", "description": "A zero-day remote code-execution (RCE) bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said \u2013 prompting an emergency patch to roll out over the weekend.\n\nThe security vulnerability bug ([CVE-2022-24086](<https://helpx.adobe.com/security/products/magento/apsb22-12.html>)) is a critical affair, allowing pre-authentication RCE arising from improper input validation. It scores 9.8 out of 10 on the CVSS vulnerability-severity scale, but there is one mitigating factor: An attacker would need to have administrative privileges in order to be successful.\n\nIt affects versions 2.3.7-p2 and earlier and 2.4.3-p1 and earlier of both eCommerce platforms, according to [the advisory](<https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12->). According to SanSec, which did a deeper dive into patching bug on Magento, the following should be taken into consideration:\n\n * If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours;\n * If you are running a version of Magento 2 between 2.3.3 and 2.3.7, you should be able to manually apply the patch, as it only concerns a few lines;\n * And, if you are running Magento 2.3.3 or below, you are not directly vulnerable. However, SanSec still recommends manually implementing the given patch.\n\nSanSec [noted on Monday](<https://sansec.io/research/magento-2-cve-2022-24086>) that the bug came to light on Jan. 27, and that \u201cthis vulnerability has a similar severity as the [Magento Shoplift vulnerability](<https://github.com/joren485/Magento-Shoplift-SQLI>) from 2015. At that time, nearly all unpatched Magento stores globally were compromised in the days after the exploit publication.\u201d\n\nResearchers noted on Monday that patching need not be onerous:\n\n> If you have the time, follow the instructions to patch your [#magento](<https://twitter.com/hashtag/magento?src=hash&ref_src=twsrc%5Etfw>) 2 store with the guide from [@avstudnitz](<https://twitter.com/avstudnitz?ref_src=twsrc%5Etfw>).\n> \n> If you don't have the time? Do the quick and dirty patch described here:<https://t.co/nZTlQGSBmp>\n> \n> It will take you less than 5 minutes, but you _have_ to patch today! <https://t.co/gkhT07QgbA> [pic.twitter.com/7NqJMV3qzb](<https://t.co/7NqJMV3qzb>)\n> \n> \u2014 willem wigman (@willemwigman) [February 14, 2022](<https://twitter.com/willemwigman/status/1493215723983970305?ref_src=twsrc%5Etfw>)\n\n## **Update ASAP to Stave Off Attacks**\n\nIndeed, updating is important for online merchants: The Magecart group [famously targets](<https://threatpost.com/magecart-campaign-10k-online-shoppers/159216/>) unpatched versions of Magento in particular, looking for a way to plant credit-card skimmers on the checkout pages of eCommerce websites.\n\nThe threat actor, which is actually a consortium of many different card-harvesting subgroups, consistently evolves its skimmers to be more effective and efficient at evasion as well. For instance, in November, it [added an extra browser process](<https://threatpost.com/magecart-credit-card-skimmer-avoids-vms-to-fly-under-the-radar/175993/>) that uses the WebGL JavaScript API to check a user\u2019s machine to ensure it\u2019s not running on a virtual machine \u2013 thus evading researcher detection. And in January, an attack on Segway involved planting the skimmer by [using a favicon](<https://threatpost.com/segway-magecart-attack-favicon/177971/>) that traditional security systems wouldn\u2019t inspect.\n\nFor now, Adobe characterized the attacks as \u201cvery limited.\u201d But card-skimmer activity is on the rise, and updates on the part of website owners seem sparse. Last week, SanSec reported a [wave of skimming attacks targeting more than 500 sites](<https://sansec.io/research/naturalfreshmall-mass-hack>), in particular those using outdated and unsupported Magento 1 implementations. Further data from [Source Defense](<http://www.sourcedefense.com/>) found as many as 50,000 to 100,000 sites that are using the end-of-life Magento 1.\n\n\u201cMagento and other eCommerce platforms have a long history of vulnerabilities\u2026Running an eCommerce website on an outdated and unpatched platform is like driving your car without your seat belt on,\u201d said Ron Bradley, vice president, Shared Assessments, via email. \u201cThe driver is thinking, the store is right around the corner, by the time I put on my seatbelt on, I\u2019ll be there, plus I don\u2019t want to wrinkle my clothes. Then comes the crash!\u201d\n\n**_Join Threatpost on Wed. Feb 23 at 2 PM ET for a [LIVE roundtable discussion](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) \u201cThe Secret to Keeping Secrets,\u201d sponsored by Keeper Security, focused on how to locate and lock down your organization\u2019s most sensitive data. Zane Bond with Keeper Security will join Threatpost\u2019s Becky Bracken to offer concrete steps to protect your organization\u2019s critical information in the cloud, in transit and in storage. [REGISTER NOW](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) and please Tweet us your questions ahead of time @Threatpost so they can be included in the discussion._**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-14T16:48:50", "type": "threatpost", "title": "Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2022-24086"], "modified": "2022-02-14T16:48:50", "id": "THREATPOST:20F9B8CE2D092108C0F78EC3E415F6B4", "href": "https://threatpost.com/adobe-zero-day-magento-rce-attack/178407/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-22T19:40:59", "description": "Yet another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept (PoC) exploit for the recently patched CVE-2022-24086 vulnerability that came under active attack and forced Adobe to push out an [emergency patch](<https://threatpost.com/adobe-zero-day-magento-rce-attack/178407/>) last weekend.\n\nAttackers could use either exploit to achieve remote code-execution (RCE) from an unauthenticated user.\n\nThe new flaw, detailed on Thursday, has the same level of severity assigned to its predecessor, which Adobe patched on Feb. 13. It\u2019s tracked as \u200b\u200b [CVE-2022-24087](<https://helpx.adobe.com/security/products/magento/apsb22-12.html>) and similarly rated 9.8 on the CVSS vulnerability-scoring system.\n\n[](<https://bit.ly/34NwVmo>)\n\nClick to Register for FREE\n\nBoth are improper input validation issues. On Thursday, Adobe [updated](<https://helpx.adobe.com/security/products/magento/apsb22-12.html>) its advisory for CVE-2022-24086 to add details for CVE-2022-24087, which it described as an elevation of privilege vulnerability in the Azure IoT CLI extension.\n\n\u201cWe have discovered additional security protections necessary for CVE-2022-24086 and have released an update to address them (CVE-2022-24087),\u201d Adobe said in its [revised bulletin](<https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12->).\n\n## No Active Attacks for the New Flaw\n\nWhile the company is aware of \u201cvery limited attacks\u201d on Adobe Commerce merchants that have targeted the CVE-2022-24086 flaw, the company said that it\u2019s unaware of any exploits in the wild for CVE-2022-24087.\n\nPositive Technologies researchers said on Thursday that they\u2019ve [been able](<https://twitter.com/ptswarm/status/1494240197915123713>) to reproduce the CVE-2022-24086 vulnerability and have created a working exploit.\n\n> \ud83d\udd25 We have reproduced the fresh CVE-2022-24086 Improper Input Validation vulnerability in Magento Open Source and Adobe Commerce.\n> \n> Successful exploitation could lead to RCE from an unauthenticated user. [pic.twitter.com/QFXd7M9VVO](<https://t.co/QFXd7M9VVO>)\n> \n> \u2014 PT SWARM (@ptswarm) [February 17, 2022](<https://twitter.com/ptswarm/status/1494240197915123713?ref_src=twsrc%5Etfw>)\n\nBoth vulnerabilities affect Adobe Commerce and Magento Open Source 2.3.3-p1 \u2013 2.3.7-p2, and 2.4.0 \u2013 2.4.3-p1. However, versions 2.3.0 to 2.3.3 aren\u2019t affected, Adobe said.\n\nThe company has [provided a guide](<https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12->) for users to manually install the security patches.\n\nResearchers [Eboda](<https://twitter.com/eboda_>) and Blaklis were credited with the discovery of CVE-2022-24087. Blaklis said in a [tweet](<https://twitter.com/Blaklis_/status/1494363202074914822>) that the first patch to resolve CVE-2022-24086 is \u201cNOT SUFFICIENT\u201d to be safe, urging Magento & Commerce users to update again.\n\n> A new patch have been published for Magento 2, to mitigate the pre-authenticated remote code execution. If you patched with the first patch, THIS IS NOT SUFFICIENT to be safe. \nPlease update again!<https://t.co/vtYj9Ic6ds>[@ptswarm](<https://twitter.com/ptswarm?ref_src=twsrc%5Etfw>) (as you had a PoC too!)[#magento](<https://twitter.com/hashtag/magento?src=hash&ref_src=twsrc%5Etfw>)\n> \n> \u2014 Blaklis (@Blaklis_) [February 17, 2022](<https://twitter.com/Blaklis_/status/1494363202074914822?ref_src=twsrc%5Etfw>)\n\n**_Join Threatpost on Wed. Feb 23 at 2 PM ET for a [LIVE roundtable discussion](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) \u201cThe Secret to Keeping Secrets,\u201d sponsored by Keeper Security, focused on how to locate and lock down your organization\u2019s most sensitive data. Zane Bond with Keeper Security will join Threatpost\u2019s Becky Bracken to offer concrete steps to protect your organization\u2019s critical information in the cloud, in transit and in storage. [REGISTER NOW](<https://threatpost.com/webinars/protect-sensitive-cloud-data/?utm_source=Website&utm_medium=Article&utm_id=Keeper+Webinar>) and please Tweet us your questions ahead of time @Threatpost so they can be included in the discussion._**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-18T16:55:59", "type": "threatpost", "title": "New Critical RCE Bug Found in Adobe Commerce, Magento", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2022-24086", "CVE-2022-24087"], "modified": "2022-02-18T16:55:59", "id": "THREATPOST:970C9E73DF1FF53D70DB0B66326F3CB0", "href": "https://threatpost.com/new-critical-rce-bug-found-in-adobe-commerce-magento/178554/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "hivepro": [{"lastseen": "2022-02-22T21:28:04", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Adobe issued an emergency advisory informing Adobe Commerce and Magento Open-Source product users of a critical zero-day vulnerability that is being actively exploited in the wild. A zero-day vulnerability which has been assigned CVE-2022-24086 affects the Adobe Commerce and Magento Open-Source products as they fail to properly validate the user input. A pre-authenticated attacker can exploit this to execute arbitrary code on the victim's machine. This vulnerability is being exploited in the wild and targeting Adobe Commerce merchants. Only three days later, Adobe updated same security advisory for the new vulnerability which is related to the earlier reported zero-day vulnerability (CVE-2022-24086) and assigned it CVE-2022-24087. This update has been issued for a new vulnerability that fixes the zero-day vulnerability's incomplete patch. Hive Pro threat research team advices organizations to patch these vulnerabilities as soon as possible using the patch links below. Potential MITRE ATT&CK TTPs are: TA0001: Initial Access TA0002: Execution TA0003: Persistence TA0004: Privilege Escalation TA0005: Defense Evasion T1190: Exploit Public-Facing Application T1078: Valid Accounts T1068: Exploitation for Privilege Escalation Vulnerability Details Patch Link https://github.com/magento/knowledge-base/blob/main/src/troubleshooting/known-issues-patches-attached/assets/MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip?raw=true https://github.com/magento/knowledge-base/blob/main/src/troubleshooting/known-issues-patches-attached/assets/MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch.zip?raw=true https://github.com/magento/knowledge-base/blob/main/src/troubleshooting/known-issues-patches-attached/assets/MDVA-43395_EE_2.4.3-p1_v1.patch.zip?raw=true https://github.com/magento/knowledge-base/blob/main/src/troubleshooting/known-issues-patches-attached/assets/MDVA-43443_EE_2.4.3-p1_v1.patch.zip?raw=true https://github.com/magento/knowledge-base/blob/main/src/troubleshooting/known-issues-patches-attached/assets/MDVA-43443_EE_2.4.2-p2_COMPOSER_v1.patch.zip?raw=true https://github.com/magento/knowledge-base/blob/main/src/troubleshooting/known-issues-patches-attached/assets/MDVA-43443_EE_2.4.2-p2_v1.patch.zip?raw=true https://github.com/magento/knowledge-base/blob/main/src/troubleshooting/known-issues-patches-attached/assets/MDVA-43443_EE_2.3.4_COMPOSER_v1.patch.zip?raw=true https://github.com/magento/knowledge-base/blob/main/src/troubleshooting/known-issues-patches-attached/assets/MDVA-43443_EE_2.3.4_v1.patch.zip?raw=true References https://helpx.adobe.com/security/products/magento/apsb22-12.html https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-15T07:26:37", "type": "hivepro", "title": "Critical Magento zero-day vulnerability actively exploiting multiple e-commerce websites", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086", "CVE-2022-24087"], "modified": "2022-02-15T07:26:37", "id": "HIVEPRO:E80868FF55775A0DCD0C17E21405BAA6", "href": "https://www.hivepro.com/critical-magento-zero-day-vulnerability-actively-exploiting-multiple-e-commerce-websites/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "adobe": [{"lastseen": "2023-06-14T16:25:01", "description": "Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated [critical](). Successful exploitation could lead to arbitrary code execution. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-13T00:00:00", "type": "adobe", "title": "APSB22-12 : Security\u202fupdate\u202favailable\u202ffor\u202fAdobe Commerce", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24086", "CVE-2022-24087"], "modified": "2022-02-17T00:00:00", "id": "APSB22-12", "href": "https://helpx.adobe.com/security/products/magento/apsb22-12.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "trellix": [{"lastseen": "2022-03-02T00:00:00", "description": "# The Bug Report - February 2022 \n\nBy Jesse Chick \u00b7 March 2, 2022\n\n## Your Cybersecurity Comic Relief\n\n[](<https://toggl.com/>) **[Image courtesy of https://toggl.com/](<https://toggl.com/>)**\n\n## Why am I here?\n\nWelcome back to the Bug Report, stubby-month edition! For those in the audience unfamiliar with our shtick, [every month](<https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-bug-report-january-2022.html>) we compile a shortlist of the top vulnerabilities of the month, so that they might whittle away at your last few hours of peaceful sleep. \n\nIt\u2019s a testament to the excitement of the last few months that February came as something of a reprieve for many of us who follow the ebbs and flows of the vulnerability landscape. But as we all slow down and catch our breath, someone, somewhere is having their personal information leaked, their intellectual property held by ransomware, or their privacy otherwise abused by a 0-day...and you're probably here for the grisly details. So, we at Trellix dutifully present to you our four high-impact vulns released during the month of February:\n\n * CVE-2022-22620: Apple WebKit\n * CVE-2022-0609: Google Chrome\n * CVE-2022-24086: Magento/ Adobe Commerce \n * CVE-2022-22536: SAP Internet Communications Manager\n \n\n\n## CVE-2022-22620: Apple finally gave something away for free!\n\n### What is it?\n\nWebKit is Apple\u2019s browser engine. If you are browsing the internet using an Apple product, I\u2019d bet with next month\u2019s rent money that WebKit is churning behind the scenes. Versions of WebKit prior to iOS 15.3.1 contain a use-after-free vulnerability (which occurs due to shoddy memory management) that can allow full remote code execution on a victim\u2019s device. The avenue of attack most likely to be used by attackers is a malicious URL (remember phishing from those pesky compliance trainings?) or via embedding the payload in a cross-site scripting attack on a vulnerable webpage. In the same terse fashion we curious souls have come to expect, Apple has withheld further detail on this vulnerability and the nature of the exploit. \n\n### Who cares?\n\nI care. I have an iPhone. And so do [6 million](<https://securityboulevard.com/2022/02/apples-zero-day-0-click-critical-vulnerability-cve-2022-22620/>) of you on Twitter, apparently, who likely rely on Apple products for either professional or personal tasks. To make this threat even less abstract for us Apple used-to-be-elite-now-commoners, there have been [reports](<https://twitter.com/Laughing_Mantis/status/1494394742821425164>) of CVE-2022-22620 being exploited in conjunction with privilege escalation to gain access to users\u2019 cameras and microphones.\n\n### What can I do?\n\nUpdate. Gotta update, always. To make sure your iPhone is running the patched version of iOS, go to Settings > General > About. If the \u201cSoftware Version\u201d shows something older than 15.3.1, that device is vulnerable, and it would be best to update immediately.\n\n### The Gold Standard\n\nAt this point, patching via software update is your best option. If you would like to have security and other updates installed automatically overnight upon release by Apple, this can be configured on all relevant devices to ensure you are free of exposure as quickly as possible.\n\n \n\n\n## CVE-2022-0609: Should you switch to Firefox?\n\n### What is it?\n\nAppearing like roaches, use-after-free browser bugs travel in groups. This one was discovered in-house at Google, by the Threat Analysis Group, inside of Chrome\u2019s animation component. Although some interaction from the user is required to carry out a successful exploit, this vulnerability can be leveraged to send and execute commands on a victim\u2019s machine over a local network.\n\n### Who cares?\n\nThe hundreds of millions of Chrome users (backed by Chrome\u2019s nearly two-thirds market share among today\u2019s browsers) may want to pay it some mind. This especially holds true for those who often browse from a public network, e.g. students and those who frequently travel, since public networks are a common reservoir of targets for malicious actors. Sure enough, [according to Google](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-0609>), this vulnerability is reported to have been exploited numerous times in the wild. But we all work from home now so no big deal, right? (I\u2019m hoping this comment does NOT age well).\n\n### What can I do?\n\n[Update Chrome](<https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop>) to version [98.0.4758.102](<https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html>) or later, if you have not done so already. Checking the current version of Chrome is as simple as pasting \u201cchrome://version\u201d into the search bar.\n\n### The Gold Standard\n\nAs with iOS, etc., turning on automatic updates for Chrome is a good practice. Set it and forget. \n\n \n\n\n## CVE-2022-24086: All your e-commerce belongs to\u2026.?\n\n### What is it?\n\nYou can be forgiven for having never heard of Magento; avoiding PHP back ends like Ebola seems like decent practice. It turns out Magento is an open-source e-commerce platform which was bought by Adobe in 2018 and now forms the backbone of Adobe Commerce. Due to a lack of proper input validation (CWE-20, if you care) during the checkout stage of a transaction, an attacker can use Adobe Commerce\u2014or the open-source release of Magento that parallels it\u2014to achieve unauthenticated RCE with the same privileges as the corresponding server process. So, if Magento is running as root, this is about as bad as it gets.\n\n### Who cares?\n\nWell, if your platform relies on Adobe Commerce or open-source Magento, consider yourself vulnerable\u2014all unpatched versions of each are affected. Not to mention, CVE-2022-24086 has been actively exploited in the wild.\n\nAs of this writing, there is no complete publicly-available proof of concept, although a redacted version of a working POC (seen below) created by researchers with [Positive Technologies Offensive Team](<https://swarm.ptsecurity.com/>) has been released on [Twitter](<https://twitter.com/ptswarm/status/1494240197915123713>) and distributed widely, which illustrates the leaking of \u201c/etc/passwd\u201d on a vulnerable host.\n\n \n\n\n### What can I do?\n\nPatch, and patch quickly. Time is of the essence! But be sure to follow the [instructions from Adobe](<https://helpx.adobe.com/security/products/magento/apsb22-12.html#Summary>) with care: there are two patches which must be applied in sequence, one to address [CVE-2022-24086](<https://vulners.com/cve/CVE-2022-24086>) and another to fix the near-identical follow-on issue tracked as [CVE-2022-24087](<https://sensorstechforum.com/cve-2022-24087-adobe-magento/>). Both patches are required to make sure that your platform is safe from exploitation of this vulnerability.\n\n### The Gold Standard\n\nStay abreast on the latest impactful vulnerabilities throughout the industry; or you just might see a piece of your own infrastructure featured in the latest CVE. Our [security bulletins](<https://www.mcafee.com/enterprise/en-us/threat-center/product-security-bulletins.html>) are a great place to start.\n\n \n\n\n## CVE-2022-22536: A Perfect 10!\n\n### What is it?\n\nDoes anyone have a clue what SAP stands for? I\u2019ve always wondered but never been able to demystify the potential acronym. This month it could be confused with a Strikingly Attackable Platform thanks to CVE-2022-22536. The bug exists in the SAP Internet Communication Manager (ICM) when the webserver hosting the ICM is sitting behind a proxy. An attacker can use a technique called [HTTP Response Smuggling](<https://www.whitehatsec.com/glossary/content/http-response-smuggling>) to poison the proxy\u2019s web cache and ICM response queue. Upon an unexpecting user visiting the website and making a GET request for the page, they will download the attacker\u2019s malicious JavaScript instead of the intended webpage. A more detailed (and colorful!) explanation of the attack mechanics is available on the [Onapsis website](<https://onapsis.com/icmad-sap-cybersecurity-vulnerabilities?utm_campaign=2022-Q1-global-ICM-campaign-page&utm_medium=website&utm_source=third-party&utm_content=CISA-alert#download>), for the price of your email, of course.\n\n### Who cares?\n\nSAP in January of 2022 proudly [reported](<https://www.sap.com/documents/2017/04/4666ecdd-b67c-0010-82c7-eda71af511fa.html>) that 99 of 100 of the largest companies in the world were SAP customers with over [230 million cloud users](<https://www.sap.com/about/company/what-is-sap.html>). Couple that statistic with the fact that every SAP application sitting behind any kind of proxy with standard configuration will be vulnerable to this bug, there is a good chance you might need to cancel your weekend plans. Although we don\u2019t put much stock in [CVSS score](<https://nvd.nist.gov/vuln-metrics/cvss>) for this publication, it's worth noting this scored the magical unicorn rating of a perfect 10 and was able to garner special attention from our friends at [CISA](<https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/critical-vulnerabilities-affecting-sap-applications-employing>).\n\n### What can I do?\n\nIf in doubt as to whether or not your SAP server is vulnerable, the good people at [Onapsis](<https://onapsis.com/>), who discovered the vulnerability, released a Python-based [scanning tool](<https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022>) with a complete CLI. Or, if you have the version number of your NetWeaver, Web Dispatcher, etc., you can simply cross-reference it with [SAP\u2019s official list](<https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022>) of vulnerable versions. Don\u2019t want a call at 2 a.m. about a breach? Take the time to download and install the patches for your SAP products today!\n\n### The Gold Standard\n\nUnfortunately, not every vulnerability can be adequately addressed by network security products, and this vulnerability happens to be one of those cases. Your best bet is to follow the mitigations mentioned above and keep your servers up to date.\n", "cvss3": {}, "published": "2022-03-02T00:00:00", "type": "trellix", "title": "The Bug Report - February 2022 Edition", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-0609", "CVE-2022-22536", "CVE-2022-22620", "CVE-2022-24086", "CVE-2022-24087"], "modified": "2022-03-02T00:00:00", "id": "TRELLIX:73420774AE3767CFB11F493B41572174", "href": "https://www.trellix.com/content/mainsite/en-us/about/newsroom/stories/research/the-bug-report-february-2022.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "cisa": [{"lastseen": "2022-02-16T11:29:33", "description": "CISA has added nine new vulnerabilities to its [Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.\n\n**CVE Number** | **CVE Title** | **Remediation Due Date** \n---|---|--- \nCVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | 3/1/2022 \nCVE-2022-0609 | Google Chrome Use-After-Free Vulnerability | 3/1/2022 \nCVE-2019-0752 | Microsoft Internet Explorer Type Confusion Vulnerability | 8/15/2022 \nCVE-2018-8174 | Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability | 8/15/2022 \nCVE-2018-20250 | WinRAR Absolute Path Traversal Vulnerability | 8/15/2022 \nCVE-2018-15982 | Adobe Flash Player Use-After-Free Vulnerability | 8/15/2022 \nCVE-2017-9841 | PHPUnit Command Injection Vulnerability | 8/15/2022 \nCVE-2014-1761 | Microsoft Word Memory Corruption Vulnerability | 8/15/2022 \nCVE-2013-3906 | Microsoft Graphics Component Memory Corruption Vulnerability | 8/15/2022 \n \n[Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities](<https://www.cisa.gov/binding-operational-directive-22-01>) established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the [BOD 22-01 Fact Sheet](<https://www.cisa.gov/known-exploited-vulnerabilities>) for more information.\n\nAlthough BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [Catalog vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the [specified criteria](<https://www.cisa.gov/known-exploited-vulnerabilities>).\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2022/02/15/cisa-adds-nine-known-exploited-vulnerabilities-catalog>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-02-15T00:00:00", "type": "cisa", "title": "CISA Adds Nine Known Exploited Vulnerabilities to Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3906", "CVE-2014-1761", "CVE-2017-9841", "CVE-2018-15982", "CVE-2018-20250", "CVE-2018-8174", "CVE-2019-0752", "CVE-2022-0609", "CVE-2022-24086"], "modified": "2022-02-15T00:00:00", "id": "CISA:88950AD3AEDA1ACA038AD96EE5152D39", "href": "https://us-cert.cisa.gov/ncas/current-activity/2022/02/15/cisa-adds-nine-known-exploited-vulnerabilities-catalog", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2022-02-25T19:27:09", "description": "_CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively._\n\n### Situation\n\nLast November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>) called \u201cReducing the Significant Risk of Known Exploited Vulnerabilities.\u201d [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of Known Exploited Vulnerabilities that carry significant risk to the federal government and sets requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires federal agencies to review and update internal vulnerability management procedures to remediate each vulnerability according to the timelines outlined in CISA\u2019s vulnerability catalog.\n\n### Directive Scope\n\nThis CISA directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency\u2019s behalf.\n\nHowever, CISA strongly recommends that public and private businesses as well as state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA\u2019s public catalog. This is truly vulnerability management guidance for all organizations to heed.\n\n### CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [379 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. CISA\u2019s most recent update was issued on February 22, 2022.\n\nThe Qualys Research team is continuously updating CVEs to available QIDs (Qualys vulnerability identifiers) in the Qualys Knowledgebase, with the RTI field \u201cCISA Exploited\u201d and this is going to be a continuous approach, as CISA frequently amends with the latest CVE as part of their regular feeds.\n\nOut of these vulnerabilities, Directive 22-01 urges all organizations to reduce their exposure to cyberattacks by effectively prioritizing the remediation of the identified Vulnerabilities.\n\nCISA has ordered U.S. federal agencies to apply patches as soon as possible. The remediation guidance is grouped into multiple categories by CISA based on attack surface severity and time-to-remediate. The timelines are available in the [Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) for each of the CVEs.\n\n### Detect CISA Vulnerabilities Using Qualys VMDR\n\nQualys helps customers to identify and assess the risk to their organizations\u2019 digital infrastructure, and then to automate remediation. Qualys\u2019 guidance for rapid response to Directive 22-01 follows.\n\nThe Qualys Research team has released multiple remote and authenticated detections (QIDs) for these vulnerabilities. Since the directive includes 379 CVEs (as of February 22, 2022) we recommend executing your search based on QQL (Qualys Query Language), as shown here for released QIDs by Qualys **_vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:"true"_**\n\n\n\n### CISA Exploited RTI\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using VMDR Prioritization. Qualys has introduced an **RTI Category, CISA Exploited**.\n\nThis RTI indicates that the vulnerabilities are associated with the CISA catalog.\n\n\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n\n\nWith Qualys Unified Dashboard, you can track your exposure to CISA Known Exploited Vulnerabilities and track your status and overall management in real-time. With dashboard widgets, you can keep track of the status of vulnerabilities in your environment using the [\u201cCISA 2010-21| KNOWN EXPLOITED VULNERABILITIES\u201d](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard\n\n\n\n### Remediation\n\nTo comply with this directive, federal agencies need to remediate all vulnerabilities as per the remediation timelines suggested in [CISA Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)**.**\n\nQualys patch content covers many Microsoft, Linux, and third-party applications. However, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch all the remaining CVEs in their list.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive\u2019s aggressive remediation timelines set by CISA. Running this query for specific CVEs will find required patches and allow quick and efficient deployment of those missing patches to all assets directly from within Qualys Cloud Platform.\n \n \n cve:[`CVE-2010-5326`,`CVE-2012-0158`,`CVE-2012-0391`,`CVE-2012-3152`,`CVE-2013-3900`,`CVE-2013-3906`,`CVE-2014-1761`,`CVE-2014-1776`,`CVE-2014-1812`,`CVE-2015-1635`,`CVE-2015-1641`,`CVE-2015-4852`,`CVE-2016-0167`,`CVE-2016-0185`,`CVE-2016-3088`,`CVE-2016-3235`,`CVE-2016-3643`,`CVE-2016-3976`,`CVE-2016-7255`,`CVE-2016-9563`,`CVE-2017-0143`,`CVE-2017-0144`,`CVE-2017-0145`,`CVE-2017-0199`,`CVE-2017-0262`,`CVE-2017-0263`,`CVE-2017-10271`,`CVE-2017-11774`,`CVE-2017-11882`,`CVE-2017-5638`,`CVE-2017-5689`,`CVE-2017-6327`,`CVE-2017-7269`,`CVE-2017-8464`,`CVE-2017-8759`,`CVE-2017-9791`,`CVE-2017-9805`,`CVE-2017-9841`,`CVE-2018-0798`,`CVE-2018-0802`,`CVE-2018-1000861`,`CVE-2018-11776`,`CVE-2018-15961`,`CVE-2018-15982`,`CVE-2018-2380`,`CVE-2018-4878`,`CVE-2018-4939`,`CVE-2018-6789`,`CVE-2018-7600`,`CVE-2018-8174`,`CVE-2018-8453`,`CVE-2018-8653`,`CVE-2019-0193`,`CVE-2019-0211`,`CVE-2019-0541`,`CVE-2019-0604`,`CVE-2019-0708`,`CVE-2019-0752`,`CVE-2019-0797`,`CVE-2019-0803`,`CVE-2019-0808`,`CVE-2019-0859`,`CVE-2019-0863`,`CVE-2019-10149`,`CVE-2019-10758`,`CVE-2019-11510`,`CVE-2019-11539`,`CVE-2019-1214`,`CVE-2019-1215`,`CVE-2019-1367`,`CVE-2019-1429`,`CVE-2019-1458`,`CVE-2019-16759`,`CVE-2019-17026`,`CVE-2019-17558`,`CVE-2019-18187`,`CVE-2019-18988`,`CVE-2019-2725`,`CVE-2019-8394`,`CVE-2019-9978`,`CVE-2020-0601`,`CVE-2020-0646`,`CVE-2020-0674`,`CVE-2020-0683`,`CVE-2020-0688`,`CVE-2020-0787`,`CVE-2020-0796`,`CVE-2020-0878`,`CVE-2020-0938`,`CVE-2020-0968`,`CVE-2020-0986`,`CVE-2020-10148`,`CVE-2020-10189`,`CVE-2020-1020`,`CVE-2020-1040`,`CVE-2020-1054`,`CVE-2020-1147`,`CVE-2020-11738`,`CVE-2020-11978`,`CVE-2020-1350`,`CVE-2020-13671`,`CVE-2020-1380`,`CVE-2020-13927`,`CVE-2020-1464`,`CVE-2020-1472`,`CVE-2020-14750`,`CVE-2020-14871`,`CVE-2020-14882`,`CVE-2020-14883`,`CVE-2020-15505`,`CVE-2020-15999`,`CVE-2020-16009`,`CVE-2020-16010`,`CVE-2020-16013`,`CVE-2020-16017`,`CVE-2020-17087`,`CVE-2020-17144`,`CVE-2020-17496`,`CVE-2020-17530`,`CVE-2020-24557`,`CVE-2020-25213`,`CVE-2020-2555`,`CVE-2020-6207`,`CVE-2020-6287`,`CVE-2020-6418`,`CVE-2020-6572`,`CVE-2020-6819`,`CVE-2020-6820`,`CVE-2020-8243`,`CVE-2020-8260`,`CVE-2020-8467`,`CVE-2020-8468`,`CVE-2020-8599`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-22204`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33766`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-35247`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36934`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37415`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40438`,`CVE-2021-40444`,`CVE-2021-40449`,`CVE-2021-40539`,`CVE-2021-4102`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42292`,`CVE-2021-42321`,`CVE-2021-43890`,`CVE-2021-44077`,`CVE-2021-44228`,`CVE-2021-44515`,`CVE-2022-0609`,`CVE-2022-21882`,`CVE-2022-24086`,`CVE-2010-1871`,`CVE-2017-12149`,`CVE-2019-13272` ]\n\n\n\nVulnerabilities can be validated through VMDR and a Patch Job can be configured for vulnerable assets.\n\n\n\n### Federal Enterprises and Agencies Can Act Now\n\nFor federal agencies and enterprises, it\u2019s a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help your organization to achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>) to our credit.\n\nHere are a few steps Federal entities can take immediately:\n\n * Run vulnerability assessments against all of your assets by leveraging our various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Qualys Patch Management to apply patches and other configuration changes\n * Track remediation progress through our Unified Dashboards\n\n### Summary\n\nUnderstanding just which vulnerabilities exist in your environment is a critical but small part of threat mitigation. Qualys VMDR helps customers discover their exposure, assess threats, assign risk, and remediate threats \u2013 all in a single unified solution. Qualys customers rely on the accuracy of Qualys\u2019 threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any size organization efficiently respond to CISA Binding Operational Directive 22-01.\n\n#### Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-02-23T05:39:00", "type": "qualysblog", "title": "Managing CISA Known Exploited Vulnerabilities with Qualys VMDR", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1871", "CVE-2010-5326", "CVE-2012-0158", "CVE-2012-0391", "CVE-2012-3152", "CVE-2013-3900", "CVE-2013-3906", "CVE-2014-1761", "CVE-2014-1776", "CVE-2014-1812", "CVE-2015-1635", "CVE-2015-1641", "CVE-2015-4852", "CVE-2016-0167", "CVE-2016-0185", "CVE-2016-3088", "CVE-2016-3235", "CVE-2016-3643", "CVE-2016-3976", "CVE-2016-7255", "CVE-2016-9563", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0199", "CVE-2017-0262", "CVE-2017-0263", "CVE-2017-10271", "CVE-2017-11774", "CVE-2017-11882", "CVE-2017-12149", "CVE-2017-5638", "CVE-2017-5689", "CVE-2017-6327", "CVE-2017-7269", "CVE-2017-8464", "CVE-2017-8759", "CVE-2017-9791", "CVE-2017-9805", "CVE-2017-9841", "CVE-2018-0798", "CVE-2018-0802", "CVE-2018-1000861", "CVE-2018-11776", "CVE-2018-15961", "CVE-2018-15982", "CVE-2018-2380", "CVE-2018-4878", "CVE-2018-4939", "CVE-2018-6789", "CVE-2018-7600", "CVE-2018-8174", "CVE-2018-8453", "CVE-2018-8653", "CVE-2019-0193", "CVE-2019-0211", "CVE-2019-0541", "CVE-2019-0604", "CVE-2019-0708", "CVE-2019-0752", "CVE-2019-0797", "CVE-2019-0803", "CVE-2019-0808", "CVE-2019-0859", "CVE-2019-0863", "CVE-2019-10149", "CVE-2019-10758", "CVE-2019-11510", "CVE-2019-11539", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-13272", "CVE-2019-1367", "CVE-2019-1429", "CVE-2019-1458", "CVE-2019-16759", "CVE-2019-17026", "CVE-2019-17558", "CVE-2019-18187", "CVE-2019-18988", "CVE-2019-2725", "CVE-2019-8394", "CVE-2019-9978", "CVE-2020-0601", "CVE-2020-0646", "CVE-2020-0674", "CVE-2020-0683", "CVE-2020-0688", "CVE-2020-0787", "CVE-2020-0796", "CVE-2020-0878", "CVE-2020-0938", "CVE-2020-0968", "CVE-2020-0986", "CVE-2020-10148", "CVE-2020-10189", "CVE-2020-1020", "CVE-2020-1040", "CVE-2020-1054", "CVE-2020-1147", "CVE-2020-11738", "CVE-2020-11978", "CVE-2020-1350", "CVE-2020-13671", "CVE-2020-1380", "CVE-2020-13927", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-14750", "CVE-2020-14871", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-15505", "CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-16013", "CVE-2020-16017", "CVE-2020-17087", "CVE-2020-17144", "CVE-2020-17496", "CVE-2020-17530", "CVE-2020-24557", "CVE-2020-25213", "CVE-2020-2555", "CVE-2020-6207", "CVE-2020-6287", "CVE-2020-6418", "CVE-2020-6572", "CVE-2020-6819", "CVE-2020-6820", "CVE-2020-8243", "CVE-2020-8260", "CVE-2020-8467", "CVE-2020-8468", "CVE-2020-8599", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-22204", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33766", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-35247", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36934", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37415", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40438", "CVE-2021-40444", "CVE-2021-40449", "CVE-2021-40539", "CVE-2021-4102", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42292", "CVE-2021-42321", "CVE-2021-43890", "CVE-2021-44077", "CVE-2021-44228", "CVE-2021-44515", "CVE-2022-0609", "CVE-2022-21882", "CVE-2022-24086"], "modified": "2022-02-23T05:39:00", "id": "QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
Exploit for Improper Input Validation in Adobe Commerce
