Home / Vulnerabilities / CVE-2022-24086
CRITICAL SEVERITY
CVE-2022-24086 Adobe · Commerce and Magento Open Source

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL
9.8 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

93.78 %
Predictive Probability
Percentile Rank
99.8 th

Documented as more likely to be exploited than 99.8% of known CVEs.

Detection Date

Feb 15, 2022

Remediation Due

Mar 01, 2022

CISA Catalog Active

Threat Analysis

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Remediation Directive

Apply updates per vendor instructions.

External Intelligence

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2022-24086