Adobe and CISA warn about critical Commerce and Magento vulnerability, noting it has been used in attacks
Payment News · 2024-07-22

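Regarding the critical vulnerability CVE-2024-34102 in the e-commerce platforms Adobe Commerce and Magento Open Source, which was patched last month, reports emerged a month later that it is being used in attacks, prompting the company to urge users to apply the relevant mitigations as soon as possible.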

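In June this year, Adobe patched the critical vulnerability CVE-2024-34102 in its e-commerce platforms Commerce and Magento Open Source. There are now reports that this vulnerability has been used in attacks.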

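The vulnerability stems from improper restriction of XML external entity references and can lead to arbitrary code execution. An attacker can trigger it by sending an XML file that references an external entity, with no user interaction required at any point. Its CVSS score is 9.8.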

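Last Wednesday (July 18), Adobe released a patch again and stated that it had learned CVE-2024-34102 has been used in attacks. The company urged IT staff, whether or not they applied the patch released in June, to apply the newly released update as soon as possible and to rotate their encryption keys.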

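Notably, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also added CVE-2024-34102 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to complete patching by August 7.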
