Klarna Docs - Security Advisory: Adobe Commerce / Magento Open Source vulnerability

On February 13, 2022, Adobe issued a security advisory regarding a critical bug discovered in Adobe Commerce and Magento Open Source.

While this vulnerability is not related to any Klarna-developed or Klarna-supported plugins, we want merchants using one of these platforms to be aware that Adobe has released software updates, which should be installed as soon as possible to avoid compromise.

The risk to you: Groups like Magecart regularly target unpatched versions of Magento. Successful exploitation of the vulnerability could give an attacker complete control of your e-commerce site, leading to fraud, identity theft, or ransomware attacks.

Affected versions: 

  • Adobe Commerce (2.4.3-p1 and 2.3.7-p2 and earlier versions)
  • Magento Open Source (2.4.3-p1 and 2.3.7-p2 and earlier versions)

Note: Adobe Commerce 2.3.3 and lower are not affected.

Immediate action to take: To mitigate this vulnerability, install the latest security update from Adobe.

The best way to reduce the risk of being compromised is to follow security best practices. You can find Klarna Checkout security recommendations here.

And remember, if you see anything suspicious, the checkout looks weird, or you detect anomalies in your transaction processing, reach out to your established Klarna contact (for example, your delivery manager or merchant support) or the Merchant Support team immediately.