Adobe Monthly Security Update (September 2022)
Release Date: 14 Sep 2022
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe Experience Manager |  Medium Risk | Cross-site Scripting Remote Code Execution Security Restriction Bypass | APSB22-40 | |
| Adobe Bridge | Medium Risk | Remote Code Execution Information Disclosure | APSB22-49 | |
| Adobe InDesign | Medium Risk | Information Disclosure Remote Code Execution | APSB22-50 | |
| Adobe Photoshop | Medium Risk | Remote Code Execution Information Disclosure | APSB22-52 | |
| Adobe InCopy | Medium Risk | Remote Code Execution Information Disclosure | APSB22-53 | |
| Adobe Animate | Medium Risk | Remote Code Execution | APSB22-54 | |
| Adobe Illustrator | Medium Risk | Remote Code Execution Information Disclosure | APSB22-55 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 7
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Medium Risk
Impact
- Cross-Site Scripting
- Remote Code Execution
- Information Disclosure
- Security Restriction Bypass
System / Technologies affected
- Adobe Experience Manager (AEM) AEM Cloud Service (CS)
- Adobe Experience Manager (AEM) 6.5.13.0 and earlier versions
- Adobe Bridge 12.0.2 and earlier versions
- Adobe Bridge 11.1.3 and earlier versions
- Adobe InDesign 17.3 and earlier versions
- Adobe InDesign 16.4.2 and earlier versions
- Photoshop 2021 22.5.8 and earlier versions
- Photoshop 2022 23.4.2 and earlier versions
- Adobe InCopy 17.3 and earlier versions
- Adobe InCopy 16.4.2 and earlier versions
- Adobe Animate 2021 21.0.11 and earlier versions
- Adobe Animate 2022 22.0.7 and earlier versions
- Illustrator 2022 26.4 and earlier versions
- Illustrator 2021 25.4.7 and earlier versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update
沒有留言:
發佈留言