APSB22-12 — Critical security vulnerability in Magento Open Source and Adobe Commerce

On Sunday February 13th, 2022, Adobe released an emergency patch for versions of Magento 2 (Adobe Commerce), to fix a critical vulnerability (APSB22-12). This vulnerability has a CVSS score of 9.8, as it allows unauthenticated remote code execution, meaning hackers could use this vulnerability to get complete control of your site. We highly advise you to install the patch as soon as possible to prevent this from happening.

It allows for unauthenticated remote code execution meaning that hackers can easily penetrate and control your site if it’s run on the affected Magento versions:

  • Adobe Commerce
    • 2.4.3-p1 and earlier versions
    • 2.3.7-p2 and earlier versions
  • Magento Open Source
    • 2.4.3-p1 and earlier versions
    • 2.3.7-p2 and earlier versions
  • *Adobe Commerce 2.3.3 and lower are not affected.

Security updates available for Adobe Commerce APSB22-12

Call Crimson Agility to have our specialists install this security patch for you, we have Magento support options for companies of all sizes. For Crimson Agility clients, this should take no longer than 1.0 hour of effort to install, deploy, and validate.