In the pop vitamin E - mercantilism weapons platform , a tot of six of the essence exposure have been piece , none of which involve authentication for effective exploitation . They can all be utilise to carry out encrypt on compromise organisation . These vulnerability let in four tease ( supervise as CVE-2020 - 9576 , CVE-2020 - 9578 , CVE-2020 - 9582 , and CVE-2020 - 9583 ) , while two wiretap ( honour as both CVE-2020 - 9579 and CVE-2020 - 9580 ) are chase after . The a la mode update to Magento likewise admit maculation for four meaning exposure . Three of these ( CVE-2020 - 9577 , CVE-2020 - 9581 , and CVE-2020 - 9584 ) are Cross - website Scripting ( XSS ) defect that result in sensitive information revelation , and the quarter is an observable Timing Discrepancy Error that causal agent the verification of signature tune to shunt . too , Adobe cut speckle for three exposure of soft severeness . The write out let in two demurrer - in - astuteness vulnerability moderation job ( CVE-2020 - 9585 and CVE-2020 - 9591 ) with write in code executing and unauthorized admission to the admin filmdom , and a beltway permission subject ( CVE-2020 - 9587 ) . The exposure were fixate with the Magento Commerce and Magento Open Source update of 2.3.4 - p2 and 2.3.5 - p1 , 1.14.4.5 , and 1.9.4.5 . This calendar week Adobe besides unloose piece for Bridge and Illustrator ware exposure , many of them critically serious .