Some Magento users integrate Magento ecommerce websites with Essent products and services.
These users, like all Magento users, are urged to install security patches without delay because of two Magento vulnerabilities that make Magento prone to exploits, including credit card skimming.
Essent is offering this information as a courtesy to its customers who use Magento products and services.
Essent does not directly provide products or services that include Magento. Essent systems, including EssentOne™, SiteBuilder™, and the OrderTrax® Network, are not affected by the Magento issue.
The affected Magento versions are Magento 2.1 prior to 2.1.17, Magento 2.2 prior to 2.2.8 and Magento 2.3 prior to 2.3.1.
A SQL injection vulnerability known as PRODSECBUG-2198 allows hackers to take control of Magento administrative accounts, which in turn can be used to install payment card skimming code.
A proof of concept for the exploit was published Friday, March 29, 2019, and security experts predicted that attacks are imminent.
Magento has made security patches 2.1.17, 2.2.8, and 2.3.1 available and recommends that users install the patches immediately.
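To triage an inventory of Magento installs against the affected ranges listed above, a check along these lines can be used. This is an added example, not code from Essent or Magento; the host names and version strings are constructed, and treating an alpha/beta/rc build of a fixed release as still affected is an assumption.

```python
import re

# Fixed patch number per release branch, as listed in the notice.
FIXED_PATCH = {(2, 1): 17, (2, 2): 8, (2, 3): 1}
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?\s*$")
PRERELEASE_RE = re.compile(r"^(alpha|beta|rc)", re.IGNORECASE)


def classify(version):
    """Return 'affected', 'patched', 'unlisted' or 'unparseable'."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4) or ""
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch not named in the notice: no statement is made about it.
        return "unlisted"
    # Compare numerically; as strings, "2.2.10" would sort before "2.2.8".
    if patch < fixed:
        return "affected"
    # Assumption: a pre-release build of the fixed version precedes it.
    if patch == fixed and PRERELEASE_RE.match(suffix):
        return "affected"
    return "patched"


def triage(inventory):
    """Group hosts by status so affected and unknown ones surface first."""
    report = {"affected": [], "unparseable": [], "unlisted": [], "patched": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


# Constructed sample inventory: (host, reported Magento version).
INVENTORY = [
    ("shop-a", "2.1.16"), ("shop-b", "2.2.8"), ("shop-c", "2.3.0"),
    ("shop-d", "2.3.1-rc1"), ("shop-e", "2.0.18"), ("shop-f", "unknown"),
    ("shop-g", "2.2.10"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Hosts reported as unparseable or unlisted need a manual check, since the notice only covers the 2.1, 2.2 and 2.3 branches.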
Essent is the leading provider of fully-integrated business management software solutions and services for process-intensive industries and the largest trading network for the promotional products industry. The Essent family of fully-integrated products and services combines best practices, business processes, software automation, and network communications to deliver unparalleled, unified business management solutions. Since 1980, Essent has offered the systems, service, software, and support critical to success in today's highly-competitive marketplace.