PT-2022-1535 · Adobe · Commerce
Published: 2022-02-13 · Updated: 2025-10-23
CVE-2022-24086
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier)
Description
The issue is related to an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. There is an ongoing campaign called Xurum that exploits this critical flaw, putting businesses at risk. The vulnerability allows an attacker to execute code on the server without authentication.
Recommendations
For Adobe Commerce versions 2.4.3-p1 and earlier, update to a version that includes the fix for this issue.
For Adobe Commerce versions 2.3.7-p2 and earlier, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the checkout process until a patch is available.
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Commerce