TR-19-251 (Magento Güvenlik Güncellemesi Yayınladı)

Genel Bilgi

Magento, 2.3 ve öncesi versiyonlarında tespit edilen RCE, SQL injection ve ACE zaafiyetlerini gidermek için güvenlik güncellemelerini yayınladı.

Etki

Mevcut güvenlik açıklıkları nedeniyle Magento içerik yönetim sistemini kullanan websitelerinin siber saldırganlar tarafından ele geçirilmesi veya içeriğin tahribata uğratılması ihtimal dâhilindedir.

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine; Magento tarafından yayınlanan güvenlik önerilerini incelemelerini ve Magento versiyonlarını 2.3.3 yükseltmelerini tavsiye etmektedir.

Kaynaklar

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8090

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8091

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8109

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8110

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8111

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8114

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8119

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8122

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8125

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8127

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8130

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8134

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8137

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8141

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8143

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8150

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8151

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8154

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8159

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8230

2019-11-06