CVE-2022-0609 and CVE-2022-24086 Vulnerabilities

Parveen Bhandari | 11 Aug 2022

What is CVE-2022-24086?

(Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability)

Successful exploitation could result in the execution of arbitrary code. Adobe classifies the flaw as pre-authentication, which means it can be exploited without authentication. CVE-2022-24086 allows remote code execution (RCE), which implies that an attacker can scan the web for vulnerable installations and break into them without much trouble.

The vulnerability results from improper input validation: a remote attacker sends a crafted request that executes arbitrary code on the targeted system.

If the attacker successfully exploits the vulnerability, it may result in the complete compromise of the attacked system.

The following product versions are affected by this vulnerability:

  • Adobe Commerce 2.4.3-p1, 2.4.3-p2, and previous versions (2.3.7-p2 and earlier versions), on all platforms.
  • Magento Open Source 2.4.3-p1, 2.4.3-p2, and previous versions (2.3.7-p2 and earlier versions), on all platforms.

Severity of the Vulnerability

With a score of 9.8 out of 10, this vulnerability has been assigned the maximum severity rating.

CVE ID: CVE-2022-24086

Vendor: Adobe

Product: Commerce and Magento Open Source

Vulnerability Name: Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Date added to Catalog: 2022-02-15

Description: Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Remediation

Adobe responded by releasing patches that fix the vulnerability, and recommends that users update their installations to the latest version.

What is CVE-2022-0609?

(Google Chrome Use-After-Free Vulnerability)

This vulnerability is a use-after-free (UAF) in the Animation component of Google Chrome. A UAF results from the improper use of dynamic memory during a program's execution: if the software does not clear the pointer to a memory address after that memory has been freed, an attacker can use the error to alter the program. When a program refers to memory after it has been freed, it may crash, use unexpected values, or execute code.

When this vulnerability is exploited, it can corrupt valid data and lead to arbitrary code execution on affected systems.

As a result, a remote attacker can create a specially crafted web page, trick the victim into viewing it, exploit the UAF flaw, and execute arbitrary code on the target system.
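The stale-reference pattern described above, as an added C illustration (not code from Chrome or from the original article): a constructed slot pool stands in for the heap so that the stale read is well-defined, and a generation-checked handle shows one way such reuse can be detected. All names (`pool_alloc`, `pool_release`, `handle_get`, `handle_t`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model: a slot pool stands in for the heap, keeping the stale read well-defined C. */
#define SLOTS 4
typedef struct { unsigned gen; int in_use; char data[16]; } slot_t;
typedef struct { int idx; unsigned gen; } handle_t;  /* hypothetical checked reference */
static slot_t pool[SLOTS];
/* Take the first free slot, store value in it, return its index (-1 if full). */
static int pool_alloc(const char *value) {
    for (int i = 0; i < SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        snprintf(pool[i].data, sizeof pool[i].data, "%s", value);
        return i;
    }
    return -1;
}
/* Free a slot; bumping the generation invalidates every handle issued for it. */
static void pool_release(int idx) { pool[idx].in_use = 0; pool[idx].gen++; }
/* Checked access: NULL if the handle is out of range, freed, or the slot was reused. */
static const char *handle_get(handle_t h) {
    if (h.idx < 0 || h.idx >= SLOTS) return NULL;
    if (!pool[h.idx].in_use || pool[h.idx].gen != h.gen) return NULL;
    return pool[h.idx].data;
}
/* Pattern from the text: the pointer is not cleared after the free. */
static const char *stale_pointer_read(void) {
    memset(pool, 0, sizeof pool);
    int a = pool_alloc("animation-A");
    const char *raw = pool[a].data;  /* reference kept across the free */
    pool_release(a);
    pool_alloc("other-object");      /* allocator hands the same slot out again */
    return raw;                      /* silently reads the new owner's data */
}
/* Same sequence through a generation-checked handle: the stale use is detected. */
static int stale_handle_rejected(void) {
    memset(pool, 0, sizeof pool);
    int a = pool_alloc("animation-A");
    handle_t h = { a, pool[a].gen };
    pool_release(a);
    pool_alloc("other-object");
    return handle_get(h) == NULL;
}

int main(void) {
    printf("uncleared pointer reads: %s\n", stale_pointer_read());
    printf("stale handle rejected: %d\n", stale_handle_rejected());
    return 0;
}
```

On a real heap the same sequence is undefined behaviour, which is why the outcome ranges from a crash to unexpected values.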

CVE ID: CVE-2022-0609

Vendor: Google

Product: Chrome

Vulnerability Name: Google Chrome Use-After-Free Vulnerability

Date added to the Catalog: 2022-02-15

Description: The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.

Severity of the vulnerability

With a score of 9.8 out of 10, this vulnerability has been assigned the maximum severity rating.

Remediation

If you're using Chrome on Windows, Mac, or Linux, you should update as soon as possible to version 98.0.4758.102. Enabling automatic updates in Chrome is the easiest way to remediate this vulnerability.
