
MAGENTO 2.2.1, 2.1.10 AND 2.0.17 PATCHES | SECURITY UPDATE

Magento Commerce and Open Source 2.2.1, 2.1.10 and 2.0.17 contain multiple security enhancements. They address the following classes of vulnerability:

  • Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Authenticated Admin user remote code execution (RCE)
  • Arbitrary File Delete


APPSEC-1325: Stored XSS in Billing Agreements

Type: Cross-Site Scripting (XSS, stored)
CVSSv3 Severity: 5.5 (Medium)
Known Attacks: None
Description: An administrator with limited privileges can create Billing Agreements with embedded cross-site scripting elements that can subsequently lead to a stored cross-site scripting attack.
Product(s) Affected: Magento Open Source prior to 1.9.3.7, Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2
Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1



APPSEC-1825: PHP Object Injection in E-mail templates leading to Remote Code Execution

Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.2 (High)
Known Attacks: None
Description: An administrator with limited privileges can insert malicious code in e-mail templates, creating an opportunity for arbitrary remote code execution.
Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2
Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1830: PHP Object Injection in product attributes leading to Remote Code Execution

Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.2 (High)
Known Attacks: None
Description: An administrator with limited privileges can insert injectable code in product attributes, potentially leading to arbitrary remote code execution.
Product(s) Affected: Magento Open Source prior to 1.9.3.7, Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2
Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1861: PHP Object Injection in product entries leading to Remote Code Execution

Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.2 (High)
Known Attacks: None
Description: An administrator with limited privileges can insert injectable code in promo fields, creating an opportunity for arbitrary remote code execution.
Product(s) Affected: Magento Open Source prior to 1.9.3.7, Magento Commerce prior to 1.14.3.7, Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2
Fixed In: Magento Open Source 1.9.3.7, Magento Commerce 1.14.3.7, SUPEE-10415, Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1881: PHP Object Injection in Downloadable Products leading to Remote Code Execution

Type: Remote Code Execution (RCE)
CVSSv3 Severity: 7.2 (High)
Known Attacks: None
Description: An administrator with limited privileges can create a downloadable product that can create an opportunity for arbitrary code execution.
Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2
Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1893: PHP Object Injection in product metadata leading to Remote Code Execution

Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.2 (High)
Known Attacks: None
Description: An administrator with limited privileges can insert injectable code in the swatches feature, creating an opportunity for arbitrary remote code execution.
Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10
Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1900: Remote Code Execution by leveraging 1st stage unsanitized form input

Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.2 (High)
Known Attacks: None
Description: An administrator with limited privileges can create a store website that can accept and run arbitrary remote code.
Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2
Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1910: Local File Inclusion (LFI) in Import History

Type: Local File Inclusion + Potential RCE
CVSSv3 Severity: 6.1 (Medium)
Known Attacks: None
Description: An administrator with limited privileges can delete critical system control files to subsequently gain privilege escalation through the Import History section.
Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10, Magento 2.2
Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1930: PHP Object Injection in Widgets leading to Remote Code Execution

Type: Remote Code Execution (RCE)
CVSSv3 Severity: 8.2 (High)
Known Attacks: None
Description: An administrator with limited privileges can insert a widget block containing malicious code, creating an opportunity for arbitrary remote code execution.
Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10
Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1


APPSEC-1931: PHP Object Injection in Zend Framework leading to Arbitrary File Deletion

Type: Arbitrary File Delete
CVSSv3 Severity: 7.2 (High)
Known Attacks: None
Description: An administrator with limited privileges can inject malicious code that can cause sensitive files to be deleted. They could then launch a second-stage payload that would lead to arbitrary remote code execution.
Product(s) Affected: Magento 2.0 prior to 2.0.17, Magento 2.1 prior to 2.1.10
Fixed In: Magento 2.0.17, Magento 2.1.10, Magento 2.2.1
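Seven of the entries above (APPSEC-1825, 1830, 1861, 1881, 1893, 1930 and 1931) are PHP object injection, the class of bug that arises when stored, admin-editable data reaches PHP's unserialize() and PHP instantiates whatever class the string names. The following is an added example, not Magento or Zend Framework code, placing the vulnerable pattern beside its hardened form; the SideEffectDemo class and the sample serialized value are constructed for illustration.

```php
<?php
// Added example, not Magento or Zend Framework code. SideEffectDemo and the
// $storedField value are constructed for illustration; needs PHP 8.
final class SideEffectDemo
{
    public static bool $triggered = false;   // records that a magic method ran

    // __wakeup (like __destruct) executes inside unserialize(), before any
    // caller-side validation of the resulting object can happen.
    public function __wakeup(): void
    {
        self::$triggered = true;
    }
}

// Constructed sample of a serialized object as it might sit in a stored
// template, attribute or widget field that only an admin can edit.
$storedField = 'O:14:"SideEffectDemo":0:{}';

// Vulnerable pattern: the stored value reaches unserialize() as-is, so PHP
// instantiates whatever class the string names and runs its magic methods.
function restoreVulnerable(string $data): mixed
{
    return unserialize($data);
}

// Hardened pattern: forbid object instantiation. Any object in the input
// becomes __PHP_Incomplete_Class and no magic method runs. For new code the
// better fix is to persist data-only formats (e.g. JSON) instead of objects.
function restoreHardened(string $data): mixed
{
    return unserialize($data, ['allowed_classes' => false]);
}

// Run both paths on the same stored value and report what each one did.
function compareRestorePaths(string $data): array
{
    SideEffectDemo::$triggered = false;
    restoreVulnerable($data);
    $vulnerableRan = SideEffectDemo::$triggered;
    SideEffectDemo::$triggered = false;
    $obj = restoreHardened($data);
    return [
        'vulnerable_ran_magic_method'    => $vulnerableRan,
        'hardened_ran_magic_method'      => SideEffectDemo::$triggered,
        'hardened_gave_incomplete_class' => $obj instanceof __PHP_Incomplete_Class,
    ];
}

print_r(compareRestorePaths($storedField));
```

On the vulnerable path the magic method fires during deserialization itself; with allowed_classes set to false the same input yields an inert __PHP_Incomplete_Class and nothing executes, which is the behaviour to verify when auditing any unserialize() call that touches stored admin content.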



This release includes numerous functional fixes and enhancements. Highlights Look for the following highlights in this release: Integrated Signifyd Fraud Protection is now available in Magento Open Source. See  Signifyd fraud protection  for more information. Ability to implement translations from themes. We’ve also significantly reduced JavaScript-related translation issues. Improvements to how the PayPal Express Checkout payment method processes virtual products. Multiple enhancements to product security. See  Magento Security Center  for more information. Twenty-two community-submitted bug fixes and multiple pull requests. Looking for more information on these new features as well as many others? Check out  Magento 2.2 Developer Documentation . Security enhancements Magento 2.2.1 includes multiple security enhancements. Although this release includes these enhancements, no confirmed attacks related to these issues have occurred to ...