2024年4月10日星期三

Adobe Monthly Security Update (April 2024)

Release Date: 10 Apr 2024

RISK: Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Adobe has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes	Details (including CVE)
Adobe After Effects	Medium Risk	Information Disclosure		APSB24-09
Adobe Photoshop	Medium Risk	Information Disclosure		APSB24-16
Adobe Commerce and Magento	Medium Risk	Remote Code Execution Cross-site Scripting		APSB24-18
Adobe InDesign	Medium Risk	Information Disclosure		APSB24-20
Adobe Experience Manager	Medium Risk	Cross-site Scripting Remote Code Execution Security Restriction Bypass		APSB24-21
Adobe Media Encoder	Medium Risk	Remote Code Execution		APSB24-23
Adobe Bridge	Medium Risk	Information Disclosure		APSB24-24
Adobe Illustrator	Medium Risk	Information Disclosure		APSB24-25
Adobe Animate	Medium Risk	Remote Code Execution Information Disclosure Denial of Service		APSB24-26

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 9

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk

Impact

Denial of Service
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Cross-Site Scripting

System / Technologies affected

Adobe After Effects 24.1 and earlier versions
Adobe After Effects 23.6.2 and earlier versions
Photoshop 2023 24.7.2 and earlier versions
Photoshop 2024 25.3.1 and earlier versions
Adobe Commerce 2.4.7-beta3 and earlier versions
Adobe Commerce 2.4.6-p4 and earlier versions
Adobe Commerce 2.4.5-p6 and earlier versions
Adobe Commerce 2.4.4-p7 and earlier versions
Adobe Commerce 2.4.3-ext-6 and earlier versions
Adobe Commerce 2.4.2-ext-6 and earlier versions
Adobe Commerce 2.4.1-ext-6 and earlier versions
Adobe Commerce 2.4.0-ext-6 and earlier versions
Adobe Commerce 2.3.7-p4-ext-6 and earlier versions
Magento Open Source 2.4.7-beta3 and earlier versions
Magento Open Source 2.4.6-p4 and earlier versions
Magento Open Source 2.4.5-p6 and earlier versions
Magento Open Source 2.4.4-p7 and earlier versions
Adobe InDesign ID19.2 and earlier versions
Adobe InDesign ID18.5.1 and earlier versions
Adobe Experience Manager (AEM) AEM Cloud Service (CS)
Adobe Experience Manager (AEM) 6.5.19 and earlier versions
Adobe Media Encoder 24.2.1 and earlier versions
Adobe Media Encoder 23.6.4 and earlier versions
Adobe Bridge  13.0.6 and earlier versions
Adobe Bridge  14.0.2 and earlier versions
Illustrator 2024 28.3 and earlier versions
Illustrator 2023 27.9.2 and earlier versions
Adobe Animate 2023 23.0.4 and earlier versions
Adobe Animate 2024 24.0.1 and earlier versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update

Vulnerability Identifier

https://www.cvedetails.com/vulnerability-list.php?vendor_id=53&year=2024&month=04

Source

Adobe

Related Link

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

沒有留言:

發佈留言

訂閱：發佈留言 (Atom)