mickmick.net

Adobe Monthly Security Update (June 2023)

Release Date: 14 Jun 2023

RISK: Medium Risk

TYPE: Clients - Productivity Products

Adobe has released monthly security update for their products:

 

Vulnerable Product	Risk Level	Impacts	Notes	Details (including CVE)
Adobe Experience Manager	Medium Risk	Cross-site Scripting Remote Code Execution Security Restriction Bypass		APSB23-31
Magento	Medium Risk	Security Restriction Bypass Information Disclosure Cross-site Scripting Remote Code Execution		APSB23-35
Adobe Animate 2022	Medium Risk	Remote Code Execution		APSB23-36
Adobe Animate 2023	Medium Risk	Remote Code Execution		APSB23-36
Adobe Substance 3D Designer	Medium Risk	Remote Code Execution		APSB23-39
Adobe Commerce	Medium Risk	Security Restriction Bypass Information Disclosure Cross-site Scripting Remote Code Execution		APSB23-35

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk

---

Impact

• Remote Code Execution
• Information Disclosure
• Cross-Site Scripting
• Security Restriction Bypass

---

System / Technologies affected

• Adobe Experience Manager (AEM) AEM Cloud Service (CS)
• Adobe Experience Manager (AEM) 6.5.16.0 and earlier versions
• Adobe Commerce 2.4.6 and earlier versions
• Adobe Commerce 2.4.5-p2 and earlier
• Adobe Commerce 2.4.4-p3 and earlier
• Adobe Commerce 2.4.3-ext-2 and earlier
• Adobe Commerce 2.3.7-p4-ext-2 and earlier
• Magento Open Source 2.4.6 and earlier versions
• Magento Open Source 2.4.5-p2 and earlier
• Magento Open Source 2.4.4-p3 and earlier
• Adobe Animate 2022 22.0.9 and earlier versions
• Adobe Animate 2023 23.0.1 and earlier versions
• Adobe Substance 3D Designer 12.4.1 and earlier versions

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update

---

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=53&year=2023&month=6

 

---

Source

• Adobe

---

Related Link

• https://helpx.adobe.com/security/security-bulletin.html