Affected Resources:
- Magento Commerce versions 2.3.3 and previous versions Magento Commerce 2.2.10 and previous versions.
- Magento versions Open Source 2.3.3 and previous versions and Magento Open Source 2.2.10 and rpevious versions.
- Magento Enterprise Edition versions 1.14.4.3 and previous versions.
- Magento Community Edition versions 1.9.4.3 and previous versions.
Description:
The content manager of the Magento Online Shops have published a bunch of security updates for the Magento Commerce and Open Source, which gives solution to many vulnerabilities that could allow an attacker to execute an arbitrary code.
Solution:
If your online shop uses the 2.3.3 version, no matter if Commerce or Open Source, it is recommended to instal the 2.3.4.
Instead, if you use the 1.14.4.3 of Magento Enterprise Edition, it is recommended to update it to the 1.14.4.4. Last, if you work with Magento Community Edition 1.9.4.3, update it to the 1.9.4.4 version as soon as posible.
Important:
Before doing those kind of actions in producction enviroinments, it is recommended to make tests in pre-production enviroinments to check if everything works correctly after the instalation.
Would you like to stay tunned with the information of our warnings? Come and subscribe to our boletins or to our profile in Twitter @ProtegeEmpresa and Facebook. You will be the first in knowing about the latest security news for companies. We also give you a free phone number for cyber security help: 900 116 117
Details:
This update corrects a pack of vulnerabilities type Cross-Site Scripting (XSS) that would allow an attacker the execution of malicious code, or SQL Injection that, together with others, would allow the access and share of confidential information,
It is important to protect the content manager to avoid it of becoming vulnerable. Follow this checklist to avoid possible attacks from cyber delinquents.