CosmicSting is a critical vulnerability affecting Adobe Commerce and Magento stores. Identified as CVE-2024-34102, it allows unauthorized access to private server files and remote code execution, even without user interaction. Although Adobe has released a dedicated security patch, only 25% of online stores have applied the fix so far. Attack methods and emergency countermeasures are well-documented, but it is crucial for store owners to apply the provided patches promptly to avoid compromise.
| Product | Magento, Adobe Commerce |
| Date | 2024-08-02 14:44:16 |
Technical Summary
The CosmicSting attack is a severe vulnerability affecting Adobe Commerce and Magento stores, allowing unauthorized access to private files and remote code execution. Known as CVE-2024-34102, it has a high severity score of 9.8 and can be exploited without user interaction. Despite a critical fix being released, only 25% of stores have applied the patch. Attack patterns and emergency fixes are detailed, with Adobe providing isolated security patches to address the issue. Store owners are urged to apply these fixes urgently to prevent attacks.
[Callforaction-THREAT-Footer]
