Magento Adobe Magento

Do you want an email whenever new security vulnerabilities are reported in Adobe Magento?

Recent Adobe Magento Security Advisories

Advisory Title Published
APSB22-48 Security Updates Available for Magento | APSB21-08 APSB22-48 August 22, 2022
APSB22-38 Security Updates Available for Magento | APSB21-08 APSB22-38 August 9, 2022
APSB22-13 Security Updates Available for Magento | APSB21-08 APSB22-13 April 13, 2022
APSB22-12 Security Updates Available for Magento | APSB21-08 APSB22-12 February 13, 2022
APSB21-86 Security Updates Available for Magento | APSB21-08 APSB21-86 October 12, 2021
APSB21-64 Security Updates Available for Magento | APSB21-08 APSB21-64 August 11, 2021
APSB21-30 Security Updates Available for Magento | APSB21-08 APSB21-30 May 11, 2021
APSB21-08 Security Updates Available for Magento | APSB21-08 February 9, 2021
APSB20-41 Security Updates Available for Magento | APSB20-41 June 22, 2020
APSB20-22 Security Updates Available for Magento | APSB20-22 April 28, 2020

By the Year

In 2023 there have been 0 vulnerabilities in Adobe Magento . Magento did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 0 0.00
2021 1 8.10
2020 1 8.10
2019 0 0.00
2018 0 0.00

It may take a day or so for new Magento vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Adobe Magento Security Vulnerabilities

Magento versions 2.4.1 (and earlier)

CVE-2021-21013 8.1 - High - January 13, 2021

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.

AuthZ

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2

CVE-2020-8818 8.1 - High - February 25, 2020

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.

Origin Validation Error

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cardgate Payments or by Adobe? Click the Watch button to subscribe.

Adobe
Vendor

Adobe Magento
Product

subscribe