Information about APSB22-12

As you have probably already learned from the media, a critical zero-day security vulnerability in Magento 2 has become known. The vulnerability is listed as CVE-2022-24086 under the designation APSB22-12 and is already being actively exploited.

This vulnerability can be exploited directly, without credentials. If you are already in the process of migrating to Magento 2, please make sure that you have installed the patches from Adobe: https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12

According to the current assessment, there is no danger to your Magento 1 store. We have examined the program code and have not found any similarities so far. Together with our partners, we are continuing to investigate the attacks and the Magento 1 program code for possible points of attack, and we will inform you immediately if new findings emerge.

If you want to know more about the vulnerability, see the research documents of our partner Sansec: https://sansec.io/research/magento-2-cve-2022-24086