Adobe Magento
Recent Adobe Magento Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB22-48 | Security Updates Available for Magento | APSB21-08 APSB22-48 | August 22, 2022 |
| APSB22-38 | Security Updates Available for Magento | APSB21-08 APSB22-38 | August 9, 2022 |
| APSB22-13 | Security Updates Available for Magento | APSB21-08 APSB22-13 | April 13, 2022 |
| APSB22-12 | Security Updates Available for Magento | APSB21-08 APSB22-12 | February 13, 2022 |
| APSB21-86 | Security Updates Available for Magento | APSB21-08 APSB21-86 | October 12, 2021 |
| APSB21-64 | Security Updates Available for Magento | APSB21-08 APSB21-64 | August 11, 2021 |
| APSB21-30 | Security Updates Available for Magento | APSB21-08 APSB21-30 | May 11, 2021 |
| APSB21-08 | Security Updates Available for Magento | APSB21-08 | February 9, 2021 |
| APSB20-41 | Security Updates Available for Magento | APSB20-41 | June 22, 2020 |
| APSB20-22 | Security Updates Available for Magento | APSB20-22 | April 28, 2020 |
By the Year
In 2023 there have been 0 vulnerabilities in Adobe Magento . Magento did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.10 |
| 2020 | 1 | 8.10 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Magento vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Magento Security Vulnerabilities
Magento versions 2.4.1 (and earlier)
CVE-2021-21013
8.1 - High
- January 13, 2021
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's account.
AuthZ
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2
CVE-2020-8818
8.1 - High
- February 25, 2020
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Origin Validation Error
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cardgate Payments or by Adobe? Click the Watch button to subscribe.
