Adobe Commerce Details

    Adobe Commerce

    San Jose, California • 25000 employees • Technology

    https://business.adobe.com/products/magento/magento-commerce.html
    United States

    Industry

    Technology

    Security Incidents

    1

    Adobe Commerce, formerly known as Magento, is a leading e-commerce platform that provides businesses with the tools to create, manage, and enhance their online stores. The primary purpose of Adobe Commerce is to offer a comprehensive and flexible e-commerce solution that enables retailers to build robust online presences. It supports a wide range of features including catalog management, search engine optimization, and seamless checkout processes, catering to businesses of various sizes and sectors.

    The platform originated with the founding of Magento in 2008, which quickly gained prominence ...

    Security Incidents

    Adobe Commerce Breach of Jun 2024
    Severity Score
    High

    Type

    Data Breach

    Summary

    On October 4, 2024, it was reported that several well-known brands, including Ray-Ban, National Geographic, Whirlpool, and Segway, experienced breaches of their web stores due to the CosmicSting vulnerability, CVE-2024-34102. This vulnerability, identified in Adobe's Commerce and Magento software, allows cybercriminals to tamper with webpage content, enabling them to siphon off sensitive user data quietly. The flaw, rated 9.8 on the CVSS scale, is an unauthenticated XML External Entity (XXE) vulnerability that attackers exploited by embedding malicious JavaScript into checkout pages, aiming to...

    Severity

    The CosmicSting vulnerability, CVE-2024-34102, is a severe security flaw exploited in Adobe's Commerce and Magento software that enabled cybercriminals to compromise a significant number of online stores, including high-profile brands like Ray-Ban and National Geographic, to steal shoppers' payment information. This flaw allowed attackers to inject malicious JavaScript into checkout pages to capture sensitive customer data and had the potential to escalate with remote code execution when combined with another high-severity vulnerability. The exploitation affected approximately 5% of all Magent...

    Impact

    The CosmicSting vulnerability, identified as CVE-2024-34102, posed a serious threat to online web stores running Adobe's Commerce and Magento frameworks, and the incident is primarily a data breach. Exploitation of this vulnerability enabled cybercriminals to inject malicious JavaScript into checkout pages, thereby compromising customer payment card information and other sensitive data entered during the purchasing process. A significant portion of affected merchants had not completely mitigated the flaw, having merely removed malware without changing cryptographic keys, leaving them open to potential r...