Computer security news:

  Latest News

Multiple Adobe Enterprise products Vulnerable To Code Execution

From the site: Vulnerability (cybersecuritynews.com)

Author: Guru Baran

Multiple Adobe enterprise products, including Adobe Experience Manager, Premiere Pro, ColdFusion, Bridge, Lightroom, and Animate, have been found to contain critical code execution vulnerabilities stemming from untrusted search path, cross-site scripting, out-of-bounds write, use-after-free, heap-based buffer overflow, and other weakness classes.

Adobe has released multiple security advisories to address these vulnerabilities.

Of these products, Adobe Experience Manager had the highest number of vulnerabilities, accounting for 43 code execution vulnerabilities associated with improper access control and cross-site scripting.

Vulnerability Analysis
According to the reports shared with Cyber Security News, successful exploitation of these vulnerabilities in any of the affected Adobe products leads to arbitrary code execution, allowing a threat actor to carry out further malicious activity on the system running the compromised product.

Adobe Animate
This product had four vulnerabilities: three related to memory leaks and one leading to arbitrary code execution (CVE-2024-20761).

That vulnerability is an out-of-bounds write in Adobe Animate: a threat actor could exploit it to write past the end or before the beginning of the intended buffer.

It was given a severity of 7.8 (High).

Adobe Lightroom
This product had a single vulnerability, an arbitrary code execution flaw caused by an untrusted search path.

It was assigned CVE-2024-20754; its severity has yet to be categorized.

A threat actor could exploit this vulnerability to achieve code execution on the affected product.

Adobe Bridge
Four vulnerabilities were discovered in this product, three of which allow arbitrary code execution and stem from use-after-free, heap-based buffer overflow, and out-of-bounds write conditions.

These vulnerabilities were assigned CVE-2024-20752 (7.8 – High), CVE-2024-20755 (7.8 – High), and CVE-2024-20756 (8.6 – High).

Adobe ColdFusion
Only one vulnerability was discovered in this product: an arbitrary file system read caused by improper access control. No arbitrary code execution vulnerabilities were reported for this product.

It was assigned CVE-2024-20767 with a severity of 8.2 (High).

Adobe Premiere Pro
Two vulnerabilities were discovered in this product, both allowing arbitrary code execution due to heap-based buffer overflow and out-of-bounds write conditions.

These vulnerabilities were assigned CVE-2024-20745 (7.8 – High) and CVE-2024-20746 (7.8 – High).

Adobe Experience Manager
As mentioned earlier, this product had the highest number of vulnerabilities: 43 arbitrary code execution vulnerabilities and 3 security bypass vulnerabilities.

All of the code execution vulnerabilities are due to cross-site scripting.

Of the three security bypass vulnerabilities, two are due to improper input validation and one to improper access control.

| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
|---|---|---|---|---|---|
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26028 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26030 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26031 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26032 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26033 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26034 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26035 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26038 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26040 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26041 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26042 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26043 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26044 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26045 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 4.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | CVE-2024-26048 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 4.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N | CVE-2024-26050 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26052 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26056 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26059 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26061 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26062 |
| Information Exposure (CWE-200) | Security feature bypass | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CVE-2024-26063 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26064 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26065 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26067 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26069 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26073 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26080 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26094 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26096 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26102 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26103 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26104 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26105 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26106 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26107 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26118 |
| Improper Access Control (CWE-284) | Security feature bypass | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CVE-2024-26119 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26120 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26124 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26125 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-20760 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-20768 |
| Improper Input Validation (CWE-20) | Security feature bypass | Moderate | 3.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | CVE-2024-26126 |
| Improper Input Validation (CWE-20) | Security feature bypass | Moderate | 3.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | CVE-2024-26127 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Moderate | 3.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N | CVE-2024-26051 |

Source: Adobe
Affected Products
| Affected Product | Version | Platform |
|---|---|---|
| Adobe Animate 2023 | 23.0.3 and earlier versions | Windows and macOS |
| Adobe Animate 2024 | 24.0 and earlier versions | Windows and macOS |
| Lightroom | 7.1.2 and earlier versions | macOS |
| Adobe Bridge | 13.0.5 and earlier versions | Windows and macOS |
| Adobe Bridge | 14.0.1 and earlier versions | Windows and macOS |
| ColdFusion 2023 | Update 6 and earlier versions | All |
| ColdFusion 2021 | Update 12 and earlier versions | All |
| Adobe Premiere Pro | 24.1 and earlier versions | Windows and macOS |
| Adobe Premiere Pro | 23.6.2 and earlier versions | Windows and macOS |
| Adobe Experience Manager (AEM) | AEM Cloud Service (CS) | All |
| Adobe Experience Manager (AEM) | 6.5.19.0 and earlier versions | All |
Fixed In Versions
| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Animate 2023 | 23.0.4 | Windows and macOS | 3 | Download Center |
| Adobe Animate 2024 | 24.0.1 | Windows and macOS | 3 | Download Center |
| Lightroom | 7.2 | macOS as published in the Apple App Store | 3 | Download Center |
| Adobe Bridge | 13.0.6 | Windows and macOS | 3 | Download Page |
| Adobe Bridge | 14.0.2 | Windows and macOS | 3 | Download Page |
| ColdFusion 2023 | Update 7 | All | 3 | Tech Note |
| ColdFusion 2021 | Update 13 | All | 3 | Tech Note |
| Adobe Premiere Pro | 24.2.1 | Windows and macOS | 3 | Download Center |
| Adobe Premiere Pro | 23.6.4 | Windows and macOS | 3 | Download Center |
| Adobe Experience Manager (AEM) | AEM Cloud Service Release 2024.03 | All | 3 | Release Notes |
| Adobe Experience Manager (AEM) | 6.5.20.0 | All | 3 | AEM 6.5 Service Pack Release Notes |

Original version on the site: Multiple Adobe Enterprise products Vulnerable To Code Execution