Adobe Monthly Security Update (March 2023)
Release Date: 15 Mar 2023
RISK: High Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Magento |  Medium Risk | Information Disclosure Cross-site Scripting Remote Code Execution Security Restriction Bypass | APSB23-17 | |
| Adobe Experience Manager | Medium Risk | Cross-site Scripting Remote Code Execution Security Restriction Bypass Elevation of Privilege | APSB23-18 | |
| Adobe Illustrator | Medium Risk | Remote Code Execution Information Disclosure | APSB23-19 | |
| Adobe Dimension | Medium Risk | Remote Code Execution Information Disclosure | APSB23-20 | |
| Adobe Creative Cloud Desktop Application | Medium Risk | Remote Code Execution | APSB23-21 | |
| Adobe Substance 3D Stager | Medium Risk | Remote Code Execution Information Disclosure | APSB23-22 | |
| Adobe Photoshop | Medium Risk | Remote Code Execution | APSB23-23 | |
| Adobe ColdFusion |  High Risk | Remote Code Execution Information Disclosure | is being exploited in the wild | APSB23-25 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 1
Number of 'Medium Risk' product(s): 7
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': High Risk
Impact
- Cross-Site Scripting
- Elevation of Privilege
- Information Disclosure
- Remote Code Execution
- Denial of Service
- Security Restriction Bypass
System / Technologies affected
- Adobe Commerce 2.4.4-p2 and earlier versions
- Adobe Commerce 2.4.5-p1 and earlier versions
- Magento Open Source 2.4.4-p2 and earlier versions
- Magento Open Source 2.4.5-p1 and earlier versions
- Adobe Experience Manager (AEM) AEM Cloud Service (CS)
- Adobe Experience Manager (AEM) 6.5.15.0 and earlier versions
- Illustrator 2023 27.2.0 and earlier versions
- Adobe Dimension 3.4.7 and earlier versions
- Creative Cloud Desktop Application 5.9.1 and earlier versions
- Adobe Substance 3D Stager 2.0.0 and earlier versions
- Photoshop 2022 23.5.3 and earlier versions
- Photoshop 2023 24.1.1 and earlier versions
- ColdFusion 2018 Update 15 and earlier versions
- ColdFusion 2021 Update 5 and earlier versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update
沒有留言:
發佈留言