Magento Vulnerability to Payment Card Skimming Requires Immediate Update

Some Magento users integrate Magento ecommerce websites with Essent products and services.

These users, like all Magento users, are urged to install security patches without delay due to two Magento vulnerabilities that make Magento prone to exploits, including credit card skimming.

Essent is offering this information as a courtesy to its customers who use Magento products and services.

Essent does not directly provide products or services that include Magento. Essent systems, including EssentOne™, SiteBuilder™, and the OrderTrax® Network, are not affected by the Magento issue.

The affected Magento versions are Magento 2.1 prior to 2.1.17, Magento 2.2 prior to 2.2.8 and Magento 2.3 prior to 2.3.1.

A SQL injection vulnerability known as PRODSECBUG-2198 allows hackers to take control of Magento administrative accounts, which in turn can be used to install payment card skimming code.

A proof of concept for the exploit was published Friday, March 29, 2019, and security experts predicted that attacks are imminent.

Magento has made security patches 2.1.17, 2.2.8, and 2.3.1 available and recommends that users install the patches immediately.
