Protection from CVE-2023-38218 (insecure direct object reference)

ngwaf-announcements, added

An insecure direct object reference (IDOR) vulnerability has been found in Adobe Commerce and Magento Open Source and has been assigned CVE-2023-38218. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services:

  1. Log in to the Next-Gen WAF control panel.
  2. From the Sites menu, select a site if you have more than one site.
  3. From the Rules menu, select Templated Rules.
  4. In the search bar, enter CVE-2023-38218 and then click View for the CVE-2023-38218 templated rule.
  5. Click Configure and then Add trigger.
  6. Select the "Block requests from an IP immediately if the CVE-2023-38218 signal is observed" checkbox.
  7. Click Update rule.
