Adobe Monthly Security Update (March 2024)
Release Date: 13 Mar 2024
RISK: Medium Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe Experience Manager |  Medium Risk | Cross-site Scripting Remote Code Execution Security Restriction Bypass | APSB24-05 | |
| Adobe Premiere Pro | Medium Risk | Remote Code Execution | APSB24-12 | |
| Adobe ColdFusion | Medium Risk | Information Disclosure | APSB24-14 | |
| Adobe Bridge | Medium Risk | Remote Code Execution Information Disclosure | APSB24-15 | |
| Adobe Lightroom | Medium Risk | Remote Code Execution | APSB24-17 | |
| Adobe Animate | Medium Risk | Remote Code Execution Information Disclosure | APSB24-19 |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 6
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Medium Risk
Impact
- Remote Code Execution
- Security Restriction Bypass
- Cross-Site Scripting
- Information Disclosure
System / Technologies affected
- Adobe Experience Manager (AEM) AEM Cloud Service (CS)
- Adobe Experience Manager (AEM) 6.5.19.0 and earlier versions
- Adobe Premiere Pro 24.1 and earlier versions
- Adobe Premiere Pro 23.6.2 and earlier versions
- ColdFusion 2023 Update 6 and earlier versions
- ColdFusion 2021 Update 12 and earlier versions
- Adobe Bridge 13.0.5 and earlier versions
- Adobe Bridge 14.0.1 and earlier versions
- Lightroom 7.1.2 and earlier versions
- Adobe Animate 2023 23.0.3 and earlier versions
- Adobe Animate 2024 24.0 and earlier versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update
沒有留言:
發佈留言