Detections
Analytics

CVE-2022-24086

critical

Description

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

References

https://www.edgescan.com/wp-content/uploads/2024/03/2023-Vulnerability-Statistics-Report.pdf

https://blog.checkpoint.com/research/november-2024s-most-wanted-malware-androxgh0st-leads-the-pack-targeting-iot-devices-and-critical-infrastructure/

https://blog.checkpoint.com/security/october-2024s-most-wanted-malware-infostealers-surge-as-cyber-criminals-leverage-innovative-attack-vectors/

https://blog.checkpoint.com/research/july-2024s-most-wanted-malware-remcos-and-ransomhub-run-rampant/

https://blog.checkpoint.com/security/march-2024s-most-wanted-malware-hackers-discover-new-infection-chain-method-to-deliver-remcos/

https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/

https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://labs.watchtowr.com/adobe-commerce-magento-rce-cve-2022-24086/

https://helpx.adobe.com/security/products/magento/apsb22-12.html

Details

Source: Mitre, NVD

Published: 2022-02-16

Updated: 2025-02-13

Named Vulnerability: XurumKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.90759