Adobe Monthly Security Update (October 2023)
Release Date: 11 Oct 2023
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe Bridge |  Low Risk | Information Disclosure | APSB23-49 | |
| Adobe Commerce |  Medium Risk | Elevation of Privilege Cross-site Scripting Security Restriction Bypass Remote Code Execution Denial of Service Information Disclosure | APSB23-50 | |
| Adobe Photoshop | Low Risk | Remote Code Execution | APSB23-51 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 1
Number of 'Low Risk' product(s): 2
Evaluation of overall 'Risk Level': Medium Risk
Impact
- Remote Code Execution
- Denial of Service
- Cross-Site Scripting
- Information Disclosure
- Elevation of Privilege
- Security Restriction Bypass
System / Technologies affected
- Adobe Bridge 12.0.4 and earlier versions
- Adobe Bridge 13.0.3 and earlier versions
- Adobe Commerce 2.4.7-beta1 and earlier versions
- Adobe Commerce 2.4.6-p2 and earlier versions
- Adobe Commerce 2.4.5-p4 and earlier versions
- Adobe Commerce 2.4.4-p5 and earlier versions
- Adobe Commerce 2.4.3-ext-4 and earlier versions
- Adobe Commerce 2.4.2-ext-4 and earlier versions
- Adobe Commerce 2.4.1-ext-4 and earlier versions
- Adobe Commerce 2.4.0-ext-4 and earlier versions
- Adobe Commerce 2.3.7-p4-ext-4 and earlier versions
- Magento Open Source 2.4.7-beta1 and earlier versions
- Magento Open Source 2.4.6-p2 and earlier versions
- Magento Open Source 2.4.5-p4 and earlier versions
- Magento Open Source 2.4.4-p5 and earlier versions
- Adobe Photoshop 2022 23.5.5 and earlier versions
- Adobe Photoshop 2023 24.7 and earlier versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update
沒有留言:
發佈留言