VIR Vulnerability Intelligence Relay

CVE-2022-24086

unknown KEV
Published 2022-02-17 · Modified 2022-02-15
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
CVSS v2
VIR risk
1.5

Description

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

CISA KEV

Vendor
Adobe
Product
Commerce and Magento Open Source
Due date
2022-03-01

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2022-24086

Exploits

Package impact
EcosystemPackageVulnerableFixed
php Packagistmagento/community-edition>=2.3.3-p1,<2.3.7-p32.3.7-p3
php Packagistmagento/community-edition>=2.4.0,<2.4.3-p22.4.3-p2

References

Verify integrity in audit chain (admin only). AS-IS.