Thursday, January 21, 21:55
Home security Adobe: Fixes critical vulnerabilities in the Magento platform

Adobe: Fixes critical vulnerabilities in the Magento platform

Η Adobe released an out-of-band series updates security to correct important issues in Magento platform.


The updates were released on October 15th and do not belong to the standard monthly patch issued by Adobe. The updates correct nine vulnerabilities, eight of which are considered critical or serious. The last error considered to be of moderate severity.

Diseases affect it Magento Commerce and Magento Open Source, the publications 2.3.5-p1, 2.4.0 and older versions.

The most critical vulnerabilities in the Adobe Magento platform, which have now been resolved with the new updates, are known as CVE-2020-24407 and CVE-2020-24400. Vulnerabilities allow code execution or the access to databases data. In both cases, however, the attacker must first acquire administrator privileges in order to take advantage of the vulnerabilities.

In addition, Adobe encountered another vulnerability (CVE-2020-24402), allowing attackers to manipulate and modify customer lists.

According to ZDNet, other vulnerabilities fixed include: a cross-site scripting (XSS) error (CVE-2020-24408), a session cancellation error (CVE-2020-24401), a security vulnerability that allows Magento pages CMS may be modified without his permission user (CVE-2020-24404) and two errors that prevent access to resources (CVE-2020-24405 and CVE-2020-24403).


According to Adobe, the least dangerous error (CVE-2020-24406) is the inadvertent disclosure of the root path of a document, which could lead to the disclosure of sensitive information.

In the established monthly patch, Adobe fixed a critical vulnerability in Flash for Windows, macOS, Linux and Chrome OS. This vulnerability (CVE-2020-9746) could be used for software crashes or for malicious code execution.

This week, the Microsoft its own security updates (Patch Tuesday October 2020) to correct vulnerabilities in many of its products. In total, the company corrects 87 vulnerabilities. 21 of them allow code execution and affect Outlook, Excel and Windows TCP / IP stack.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...