Adobe Commerce 2.4.7: Addressing the CosmicSting Vulnerability

Adobe Commerce 2.4.7 is the latest release of Adobe’s e-commerce platform, designed to improve security, performance, and scalability for online retailers. As security has become a central concern for e-commerce businesses, the 2.4.7 line ships security patch releases (2.4.7-p1 being the first) that resolve previously reported vulnerabilities.

This release line is particularly important because its first security patch, 2.4.7-p1, addresses critical vulnerabilities, including the CosmicSting flaw, one of the most severe security issues to hit the platform in recent years. Let’s look at how this bug affects e-commerce sites and how the update resolves it.

What Is the CosmicSting Flaw and How Dangerous Is It?

The CosmicSting vulnerability, tracked as CVE-2024-34102, affects numerous versions of Adobe Commerce and Magento Open Source. It allows an unauthenticated attacker to read arbitrary files on the server, including app/etc/env.php, which holds the database credentials and the store’s encryption key.

Chained with the glibc iconv bug (CVE-2024-2961), the file read can be escalated to remote code execution. The flaw therefore poses a critical threat to e-commerce sites.

The flaw is rated critical with a CVSS score of 9.8, making it one of the most severe vulnerabilities in recent years for Adobe Commerce and Magento Open Source.

Technically, the flaw is an XML external entity (XXE) injection: attacker-supplied XML makes the server-side parser resolve an external entity, which is what discloses local files and, with the iconv chain, enables remote code execution. The affected versions are:

  • Adobe Commerce: 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, 2.4.4-p8 and earlier
  • Adobe Commerce Extended Support: 2.4.3-ext-7 and earlier
  • Magento Open Source: 2.4.7 and earlier
  • Adobe Commerce Webhooks Plugin: 1.2.0 to 1.4.0
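The XXE mechanism described above, as an added PHP example that is not Adobe’s or Magento’s code and not the CosmicSting request itself: a generic illustration of how a parser told to substitute entities follows an external entity declaration into a local file, beside the hardened parse that does not. The secret file and its contents are constructed for the demo.

```php
<?php
// Added example, not Adobe's or Magento's code: the XXE vulnerability class
// behind CosmicSting, shown generically. A parser that is asked to substitute
// entities follows the external entity into a local file; the hardened parse
// does not. $secretPath and its contents are constructed for this demo.

$secretPath = tempnam(sys_get_temp_dir(), 'xxe');
file_put_contents($secretPath, "db_password=hunter2\n"); // constructed sample secret

// Attacker-controlled XML: the DTD declares an external entity pointing at a local file.
$attackerXml = <<<XML
<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY xxe SYSTEM "file://{$secretPath}"> ]>
<data>&xxe;</data>
XML;

// Vulnerable configuration: LIBXML_NOENT asks libxml to substitute entities,
// so it fetches the external entity, i.e. reads the file into the document.
function parseUnsafe(string $xml): string
{
    $doc = new SimpleXMLElement($xml, LIBXML_NOENT);
    return (string) $doc;
}

// Hardened configuration: no LIBXML_NOENT, no network access while parsing, and
// an entity loader that refuses every external resource. LIBXML_NONET alone
// still allows file:// URLs, so the loader override is what blocks local reads.
function parseSafe(string $xml): string
{
    libxml_set_external_entity_loader(static fn (): ?string => null);
    libxml_use_internal_errors(true); // collect parser errors instead of emitting warnings
    $doc = new SimpleXMLElement($xml, LIBXML_NONET);
    return (string) $doc;
}

echo "unsafe: ", parseUnsafe($attackerXml);                        // the secret file's contents
echo "safe:   ", var_export(parseSafe($attackerXml), true), "\n";  // no file contents: entity not expanded

unlink($secretPath);
```

The point to take away is that the dangerous setting is the parser option, not the XML itself: any code path that lets a request choose LIBXML_NOENT, or that instantiates SimpleXMLElement with caller-controlled options, turns an ordinary XML parse into a file read.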

How Adobe Commerce 2.4.7-p1 Resolves It

Adobe Commerce 2.4.7-p1, the first security patch on the 2.4.7 line (the unpatched 2.4.7 release itself is affected), closes the XXE so that attacker-supplied XML can no longer make the parser read server files. That also removes the entry point for the remote-code-execution chain, but it does not fix the glibc iconv bug itself: that is an operating-system issue, patched by updating glibc on the host, and it should be done alongside the application update.

Solution Provided in the New Update

To protect against the CosmicSting flaw, Adobe has shipped the fix in the following versions:

  • Adobe Commerce: 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9
  • Adobe Commerce Extended Support: 2.4.3-ext-8 and later
  • Magento Open Source: 2.4.7-p1 and later
  • Adobe Commerce Webhooks Plugin: Version 1.5.0

Administrators and business owners are advised to apply these updates immediately. Note that patching stops further exploitation but does not undo a prior compromise: if a store was exposed while vulnerable, treat the encryption key and database credentials in app/etc/env.php as potentially leaked and rotate them.
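A quick way to check an installation against the fixed-version list above, as an added PHP example that is not Adobe’s code. It parses Magento’s version suffixes by hand because "-pN" and "-ext-N" do not sort correctly under a naive string comparison; the table is the one from this page, and the assumed `bin/magento --version` output format ("Magento CLI 2.4.6-p5") is an assumption, which is why the version is picked out of surrounding text.

```php
<?php
// Added example, not Adobe's code: decide whether an installed Adobe Commerce /
// Magento Open Source version already carries the CosmicSting fix, using the
// minimum fixed version per release line. Magento's "-pN" and "-ext-N"
// suffixes are parsed explicitly rather than compared as strings.

const COSMICSTING_FIXED = [
    '2.4.7' => '2.4.7-p1',
    '2.4.6' => '2.4.6-p6',
    '2.4.5' => '2.4.5-p8',
    '2.4.4' => '2.4.4-p9',
    '2.4.3' => '2.4.3-ext-8', // Extended Support line
];

// Splits "2.4.6-p5" into ['line' => '2.4.6', 'tag' => 'p', 'n' => 5];
// a bare release such as "2.4.7" yields tag '' and n 0. Returns null on no match.
function parseMagentoVersion(string $text): ?array
{
    if (!preg_match('/\b(\d+\.\d+\.\d+)(?:-(p|ext)-?(\d+))?\b/', $text, $m)) {
        return null;
    }
    return ['line' => $m[1], 'tag' => $m[2] ?? '', 'n' => (int) ($m[3] ?? 0)];
}

// true = patched, false = vulnerable, null = cannot tell (unknown line or suffix).
function cosmicStingPatched(string $installedText): ?bool
{
    $installed = parseMagentoVersion($installedText);
    if ($installed === null || !isset(COSMICSTING_FIXED[$installed['line']])) {
        return null; // unlisted line: report unknown rather than assuming safe
    }
    $fixed = parseMagentoVersion(COSMICSTING_FIXED[$installed['line']]);
    if ($installed['tag'] === '') {
        return false; // bare release of an affected line, e.g. 2.4.7 itself
    }
    if ($installed['tag'] !== $fixed['tag']) {
        return null; // e.g. a -pN build on a line whose fix is an -ext-N build
    }
    return $installed['n'] >= $fixed['n'];
}

// Takes the version from the first argument; the output of `bin/magento --version`
// (assumed to look like "Magento CLI 2.4.6-p5") also works because the regex
// picks the version out of surrounding text.
$input = $argv[1] ?? 'Magento CLI 2.4.6-p5'; // constructed sample input
echo match (cosmicStingPatched($input)) {
    true  => "patched\n",
    false => "VULNERABLE: upgrade to the fix release for this line\n",
    null  => "unknown release line or suffix, verify manually\n",
};
```

Run it as `php check.php "$(bin/magento --version)"` from the store root. An unlisted release line is deliberately reported as unknown rather than safe, and the Webhooks plugin (fixed in 1.5.0) has to be checked separately via Composer.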

Benefits of Adobe Commerce 2.4.7

Updating to Adobe Commerce 2.4.7 and its security patches not only secures the platform against the CosmicSting vulnerability but also brings further benefits:

  1. Enhanced security: the update provides protection against known critical vulnerabilities, supporting safer transactions and data protection.
  2. Improved performance: Adobe Commerce 2.4.7 includes performance enhancements for handling large data sets and complex operations.
  3. Scalability: the platform can support a higher volume of transactions and larger databases, which suits growing businesses.
  4. Compliance: addressing known security flaws promptly helps maintain compliance with industry standards and regulations.

Boosting Security with Enhanced OTP and B2B Compatibility

1. Update One-Time Password (OTP) Settings

To address an error introduced by a backward-incompatible change in version 2.4.7, Adobe Commerce 2.4.7-p1 updates the one-time password (OTP) settings for Google Authenticator.

The description of the OTP Window field now accurately explains the setting, and its default value has been changed from 1 to 29. This keeps two-factor authentication working as intended after the upgrade without weakening it.

2. B2B Version Compatibility

For merchants using the Adobe Commerce B2B extension, it is crucial to upgrade to B2B version 1.4.2-p1 to ensure compatibility with Commerce 2.4.7-p1, so that all functionality and integrations continue to work.

With so much commerce now happening online, user safety must be paramount for e-commerce businesses. By upgrading to Adobe Commerce 2.4.7 and applying its security patches, businesses can keep their platforms secure, reliable, and efficient, maintain customer trust, and protect their digital assets.

For additional details on vulnerabilities like the CosmicSting flaw and how to resolve them, it is advisable to consult an e-commerce development services provider.
