XenonStack Recommends

Security Intelligence

CVE-2022-0609 and CVE-2022-24086 Vulnerabilities

Parveen Bhandari | 11 August 2022

Subscription

XenonStack White Arrow

Thanks for submitting the form.

What is CVE-2022-24086?

(Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability)

The successful exploitation could result in the execution of arbitrary code. According to Adobe, it is classified as pre-authentication, which means this flaw can be exploited without authentication. The CVE-2022-24086 allows RCE ( Remote Code Execution), Which implies that the attacker can perform scans for web vulnerabilities and penetrate any defense without facing much trouble.

Improper input validation resulted in this vulnerability. The remote attacker sends a crafted request, executing the arbitrary code on the targeted system.

If the attacker successfully exploits the vulnerability, it may result in the complete compromise of the attacked system.

The following version of products are affected by this vulnerability:

  • All platforms are running Adobe Commerce 2.4.3-p1, 2.4.3-p2, and previous versions (2.3.7-p2 and earlier versions).
  • All platforms are running Magento Open Source 2.4.3-p1, 2.4.3-p2, and previous versions (2.3.7-p2 and earlier versions).

Severity of the Vulnerability

With a severity of 9.8 out of 10, the maximum severity rating has been assigned to this severity.

CVE ID

CVE-2022-24086

Vendor

Adobe

Project

Commerce and Magento Open Source

Vulnerability Name

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Date added to Catalog

2022-02-15

Description

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Remediation 

Adobe responded to this vulnerability by releasing the patches to fix vulnerability. Adobe has recommended users to update their installation to the latest version.

What is CVE-2022-0609?

(Google Chrome Use-After-Free Vulnerability)

This vulnerability is defined as the Use-After-Free (UAF) in the animation component in Google Chrome. UAF is a vulnerability resulting from the improper use of dynamic memory during the program's execution. An attacker can use the error to alter a program if the software does not clear the pointer to a memory address after it has been freed. When a program refers to memory after it has been freed, it may crash, use unexpected values, or execute code.

When this vulnerability is exploited, it can cause real data to be corrupted and arbitrary code to be executed on affected systems.

As a result, a remote attacker can generate a specially designed web page, dupe the victim into viewing it, exploit the UAF flaw, and execute arbitrary code on the target system.

CVE ID

CVE-2022-0609

Vendor

Google

Product

Chrome

Vulnerability Name

Google Chrome Use-After-Free Vulnerability

Date added to the Catalog

2022-02-15

Description

The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.

Cyber Security Services
End-to-End Proactive Solutions for empowering Advanced Threat Protection and Intelligence with Real-Time Analytics, Cyber Security Services

Severity of the vulnerability

With a severity of 9.8 out of 10, the maximum severity rating has been assigned to this severity.

Remediation

If you're using Chrome on Windows, Mac, or Linux, you should update as soon as possible to version 98.0.4758.102.
Enabling automatic updates on chrome is the easiest way to remediate this vulnerability.

Learn about the newly discovered critical Vulnerabilities and their Remediations