July 18, 2024 at 11:03AM
CISA and Adobe issued warnings about an actively exploited vulnerability in Adobe Commerce, allowing attackers to execute arbitrary code. Adobe released patches for affected versions and an isolated patch for the vulnerability. CISA included the vulnerability in its Known Exploited Vulnerabilities catalog, and federal agencies have until August 7 to remediate vulnerable instances. Organizations are strongly advised to review CISA’s list and address identified vulnerabilities promptly.
The key takeaways are:
1. Adobe Commerce vulnerability CVE-2024-34102, with a CVSS score of 9.8, is being actively exploited in attacks.
2. Adobe has released patches for affected versions and issued an additional hotfix to address the vulnerability.
3. Customers are urged to apply the updates and the hotfix, and to rotate their encryption keys to ensure proper protection.
4. CISA has added CVE-2024-34102 to its Known Exploited Vulnerabilities catalog, and federal agencies have a deadline to remediate vulnerable instances.
5. Website owners and organizations are advised to review and address vulnerabilities listed in CISA’s KEV list promptly.