Adobe Commerce and Magento websites at risk
15th November 2024
CosmicSting, tracked as CVE-2024-34102, is a very serious security problem affecting Adobe Commerce and Magento websites. It is rated “critical,” with a severity score of 9.8 out of 10. The issue is an “XML external entity (XXE) vulnerability,” which means that hackers can trick the system into showing them secret files on a website’s server.
More concerning still, CosmicSting can be combined with a separate weakness found in Linux systems, called CVE-2024-2961. Together, these vulnerabilities could let hackers not only read private files but also run harmful programs on the server. This makes CosmicSting one of the biggest threats to online shopping websites in years.
Affected Versions
Many versions of Adobe Commerce and Magento need fixing:
- Adobe Commerce: All versions up to 2.4.7.
- Magento Open Source: Also affected up to version 2.4.7.
- Adobe Commerce Extended Support: A wide range of older supported versions.
- Adobe Commerce Webhooks Plugin: Versions from 1.2.0 to 1.4.0.
How to Fix It
- Update to the Latest Version: Adobe has created updates that fix this issue. Website owners should install these as soon as possible to stay safe.
- Temporary Measures: If updating right away isn’t possible, there are emergency steps you can take. These might include adding code to stop hackers from getting in.
Applying updates is very important. Even if details about how this vulnerability works are not fully published, hackers could study the patches and figure out how to attack. Keeping everything updated and checking for new threats will help protect your website.
If you are unsure whether you have been affected, or need more information, assistance or monitoring for your site, contact us on 0800 444 000 or complete the form below.