Get upto 15% discount on Magento extensions & Themes. Join Now - Limited Period Offer!

SUPEE-9767 – New Magento Security Update and Patch

Security Patch 9767

With increasing innovation in technology field, chances for data getting hacked or leaked is also increasing simultaneously. These security issues additionally occurs with Magento stage as well. These issues cause loss of data, spamming loss of credentials and so forth. To determine such issues confronted by Magento platform and maintain its performance, several upgrades are released by Magento team. This gives a tool to keep your store safe and secure.

The upgrades which are released to solve the security isssues of your Magento shop. At whatever point a security patch becomes available, a warning is sent to every one of the dealers in their admin inbox. You can think about the security vulnerabilities by checking Magento shop.

Patches and upgrades are available for the following Magento versions:

  • Enterprise Edition 1.9.0.0-1.14.3.2: SUPEE-9767 or upgrade to Enterprise Edition 1.14.3.3
  • Community Edition 1.5.0.1-1.9.3.2: SUPEE- 9767 or upgrade to community edition 1.9.3.3

Best 16 APPSEC Security Upates for Magento Community and Enterprise Editions. Implement and test it for the best security of your Magento based website.

APPSEC-1281: Remote code execution through symlinks

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1777: Remote Code Execution in DataFlo

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1686: Remote Code Execution in the Admin panel

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3, Magento 2.0 prior to 2.0.14, Magento 2.1 prior to 2.1.7

APPSEC-1320: SQL injection in Visual Merchandiser (Enterprise Edition)

Product(s) Affected: Magento EE prior to 1.14.3.3

APPSEC-1634: XSS in data fields

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1759: XSS in Admin panel configuration

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1549: CSRF after logout – form key not invalidated

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1693: Bypassing ACLs in store configuration permissions

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1677: Local File Disclosure for admin users with access to dataflow

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1546: CSRF Vulnerability in Checkout feature

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1597: Potential for user name enumeration

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1695: CSRF cache management

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1324: Customer passwords exposed in logs

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3

APPSEC-1675: Cross-site Request Forgery Vulnerability in Enterprise Edition (EE) Invites

Product(s) Affected: Magento EE prior to 1.14.3.3

APPSEC-1659: Vulnerabilities in JavaScript libraries

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3, Magento 2.0 prior to 2.0.14, Magento 2.1 prior to 2.1.7

APPSEC-1622: Incorrect routing of requests

Product(s) Affected: Magento CE prior to 1.9.3.3, and Magento EE prior to 1.14.3.3, Magento 2.0 prior to 2.0.14, Magento 2.1 prior to 2.1.7

This security patch ensures that once the user is logged out from his account, it ensure that the sessions have been invalidated. Along with this, all the above-stated security issues has been addressed with the solutions which are durable.

Like this information? Want the detail information about this security upates?

Visit: https://magento.com/security/patches/supee-9767

About MageMarketing

MageMarketing.us is a great Magento Extension market place where you can get numerous extensions at the highly discounted rates. Here, there are multiple Magento extensions by different developers and sellers that can assist the clients to foster their online business growth.
Tagged with:
  • community edition 1.9.3.3
  • Enterprise edition 1.14.3.3
  • latest magento news
  • magento news
  • Magento secutity patch
  • Magento team
  • Magento updates
  • secure magento website
  • security patches
  • security updates for magento website
  • secuty patch supee-9767
  • supee 9767

1 thought on “SUPEE-9767 – New Magento Security Update and Patch”

Leave a Reply

Your email address will not be published. Required fields are marked *

support
icon
Need Help?
Close
menu-icon
Support Ticket