Two new security updates are available for Adobe Commerce

This week, the Adobe team released two security updates: 2.4.4-p2 and 2.4.5-p1. The updates contain fixes for two vulnerabilities, one critical and one medium. Their exploitation might enable arbitrary code execution and the ability to bypass security features.

The first vulnerability belongs to the CWE-79 category. It allows execution of arbitrary code through cross-site scripting (stored XSS). An attacker isn’t required to have admin permissions and doesn’t have to be authorized at all.

The second vulnerability belongs to CWE-284 and allows bypassing some of the security features. It is less severe than the previous one since it requires the attacker to get authorization. However, admin privileges still aren’t required.

In addition, the Adobe team offered an update for Adobe Commerce 2.4.4, which contains a patch that allows you to continue using DHL as a shipping method on your website. The update is required because DHL will stop supporting schema version 6.0 and move to the recently introduced version 6.2. Without the patch, this change will render the DHL shipping method unusable, so store owners must take care of this beforehand. Adobe Commerce 2.4.5 and newer don’t require this update since schema version 6.2 is already available.
