Site Security, Health, & Performance
Site Security, Health, & Performance

Adobe Commerce & Magento Open Source Security Update | APSB24-61 / CVE-2024-39397

BY David Baier
August 22, 2024

Adobe Security Bulletin – APSB24-61

On August 13, 2024, Adobe released its latest security update for Adobe Commerce, Magento Open Source, and the Adobe Commerce Webhooks Plugin, as part of its regular security maintenance schedule. The update, known as APSB24-61, addresses several critical, important, and moderate vulnerabilities that, if exploited, could have severe implications for your eCommerce operations.

Securityโ€ฏupdateโ€ฏavailableโ€ฏforโ€ฏAdobe Commerceโ€ฏ|โ€ฏAPSB24-61

 

Whatโ€™s at Risk?

The vulnerabilities resolved by APSB24-61 span a range of potential threats, including:

  • Arbitrary Code Execution: Attackers could potentially execute unauthorized code within your environment, posing a significant risk to the integrity and security of your eCommerce platform.
  • Arbitrary File System Read: This vulnerability could allow attackers to access sensitive files on your server, leading to potential data breaches.
  • Security Feature Bypass: If exploited, this flaw could undermine built-in security features designed to protect your platform from various attacks.
  • Privilege Escalation: Attackers could gain elevated privileges, allowing them to perform unauthorized actions within your system.

Given the serious nature of these vulnerabilities, it is imperative to apply the security update as soon as possible. Delaying this could leave your platform exposed to potential attacks, which could result in data loss, service disruption, or reputational damage.

Special Attention: CVE-2024-39397

Among the vulnerabilities addressed, CVE-2024-39397 is particularly noteworthy. This issue is specific to environments running on the Apache web server. Recognizing the critical nature of this vulnerability, Adobe has released an isolated patch dedicated solely to resolving CVE-2024-39397.

If your eCommerce platform utilizes Apache, it is crucial to apply this patch immediately to prevent any potential exploitation. Failing to address this vulnerability could leave your system open to significant security risks.

Affected Versions of Adobe Commerce & Magento Open Source

Adobe has identified the following affected versions of Adobe Commerce, Magento Open Source, and Adobe Commerce Webhooks Plugin.

  • Adobe Commerce: 2.4.7-p1 and earlier, 2.4.6-p6 and earlier, 2.4.5-p8 and earlier, 2.4.4-p9 and earlier.
  • Magento Open Source: 2.4.7-p1 and earlier, 2.4.6-p6 and earlier, 2.4.5-p8 and earlier, 2.4.4-p9 and earlier.
  • Adobe Commerce Webhooks Plugin: 1.2.0 to 1.4.0

If you are using one of these versions, it is recommended that you take action immediately. Contact Crimson Agility if you need help.

Adobe Commerce/Magento Support Services

Crimson Agility Managed Services & Support can help identify if your site has been compromised, install the required patch, and remediate any related issues.

With Managed Services from Crimson Agility, you can expect:

  • Our team of experienced, certified developers will ensure a successful, hassle-free installation of the latest security patches without disruption to customers or business operations.
  • Our quality team will rigorously test your website to verify that the patches are properly applied and the site is secure.
  • Regularly updating your site with the newest security patches strengthens its defenses against potential threats, ensuring the protection of customer data and your business reputation.
  • We proactively monitor Adobe Commerce and Magento Open Source releases continuously, allowing you to focus on your business with confidence.

Immediate Action Required

To ensure your Adobe Commerce or Magento Open Source platform remains secure:

  1. Apply the Latest Security Updates: Implement APSB24-61 without delay to protect your system from the vulnerabilities mentioned.
  2. Isolated Patch for Apache Users: If your platform operates on the Apache web server, make sure to apply the isolated patch for CVE-2024-39397 as an added layer of security.
  3. Consult with a Crimson Agility Engineer: Our Crimson Agility Engineers can assist and help guide you through the patching process and ensure the updates are applied correctly.

Act now to safeguard your business from security vulnerabilities with our Magento Developer Support. Donโ€™t risk waiting until itโ€™s too late!

Final Thoughts

Security is a continuous process, and keeping your eCommerce platform up to date with the latest patches is essential for protecting your business. The APSB24-61 update is a critical measure to safeguard your system from known vulnerabilities. Donโ€™t waitโ€”apply the update today and maintain the integrity and security of your online operations.

For comprehensive protection, we also provide the following services:

  • Security Scans & Monitoring: Ongoing monitoring of your site to protect you and your customers.
  • Health & Security Audit: Identifies and addresses potential security threats to ensure your siteโ€™s safety.

Receive professionally managed and monitored security for your online store with Crimson Agility โ€“ your trusted Magento and Adobe Commerce security partner.

If you have any questions or would like to discuss your specific needs, please don’t hesitate to contact our team or call us at (480) 506-0482. We are here to help you maintain the highest level of security for your Adobe Commerce or Magento store.

By keeping your Adobe Commerce platform up to date, you are taking proactive steps to protect your business and your customers from potential security threats.

https://youtu.be/sdkaH2V5iRI

Best regards,
The Crimson Agility Team

Other Security Articles

On this page

  • Loading...

Popular Tags

recent posts

The Death of Browsing And Why Thatโ€™s Wrong

Agentic Commerce Is Not About AI

Crimson Agility Recognized Among Phoenixโ€™s Largest Private Companies by Phoenix Business Journal

Crimson Agility Named to 2025 Inc. 5000 List: Driving Ecommerce Growth in Specialized Industries

The Ultimate Guide to the Google Ads Grant Program (2025 Edition)

NEWSLETTER

Subscribe for latest resources

Commerce systems your team controls. Data AI can trust.

Powerful, scalable, and customer-centric commerce solutions tailored for your growth.

Subscribe for Latest Resources

Fill out the form below, and receive the latest in blogs, webinars and more.