Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 1.9.0.0 through 1.14.4.0 Magento Open Source versions 1.5.0.0 through 1.9.4.0

Description: The issue concerns multiple vulnerabilities in Magento, including remote code execution (RCE), cross-site scripting (XSS), and cross-site request forgery (CSRF). These vulnerabilities can be exploited through various means, such as API endpoints, customer import, and unauthorized uploads. The vulnerabilities also include issues related to brute force requests, credit card storage, and outdated jQuery causing PCI scanning failures.

Recommendations: For Magento Commerce versions 1.9.0.0 through 1.14.4.0: Apply SUPEE-10975 or upgrade to Magento Commerce 1.14.4.0. For Magento Open Source versions 1.5.0.0 through 1.9.4.0: Apply SUPEE-10975 or upgrade to Magento Open Source 1.9.4.0.