Multiple Adobe Enterprise products Vulnerable To Code Execution

by Esmeralda McKenzie

Multiple Adobe Enterprise products such as Adobe Experience Manager, Premiere Pro, ColdFusion, Bridge, Lightroom, and Animate were discovered with critical code execution vulnerabilities that were associated with Untrusted search path, Cross-site scripting, Out-of-bounds write, Use After Free, Heap-based buffer overflow and many others.

Adobe has released a number of security advisories to tackle these vulnerabilities.

Among all of these products, Adobe Experience Manager had the highest number of vulnerabilities, accounting for 43 code execution vulnerabilities associated with Improper access control and Cross-site scripting.

Vulnerability Analysis

According to the reports shared with Cyber Security News, successfully exploiting these vulnerabilities in any Adobe product will lead to arbitrary code execution, allowing a threat actor to perform any malicious activity on the compromised product.

Adobe Animate

This product had four vulnerabilities, three of which were associated with memory leaks and one associated with arbitrary code execution (CVE-2024-20761).

This vulnerability exists due to an Out-of-bounds write condition in the Adobe Animate product, which a threat actor could exploit to perform write actions past the end or before the beginning of the intended buffer.

This vulnerability was given a severity of 7.8 (High).

Adobe Lightroom

This product had only one vulnerability, which was associated with arbitrary code execution that exists due to an Untrusted search path.

This vulnerability was assigned CVE-2024-20754, and its severity has yet to be categorized.

A threat actor could exploit this vulnerability and gain code execution on the affected product.

Adobe Bridge

This product was discovered with four vulnerabilities, three of which were associated with arbitrary code execution that existed due to Use after free, Heap-based buffer overflow and Out-of-bounds write conditions on the vulnerable products.

These vulnerabilities were assigned CVE-2024-20752 (7.8 – High), CVE-2024-20755 (7.8 – High), and CVE-2024-20756 (8.6 – High).

Adobe ColdFusion

This product was discovered with only one vulnerability, which was associated with Arbitrary file system read due to improper access control. However, there were no arbitrary code executions present in this product.

This vulnerability was assigned CVE-2024-20767 and the severity was given as 8.2 (High).

Adobe Premiere Pro

This product was discovered with two vulnerabilities, both of which were associated with arbitrary code execution due to Heap-based buffer overflow and Out-of-bounds write conditions.

These vulnerabilities were assigned CVE-2024-20745 (7.8 – High) and CVE-2024-20746 (7.8 – High).

Adobe Experience Manager

As mentioned earlier, this was the product with the highest number of vulnerabilities. There were 43 arbitrary code execution vulnerabilities and 3 security bypass vulnerabilities.

All of the code execution vulnerabilities existed due to Cross-site scripting.

Among the three security bypass vulnerabilities, two of them were due to improper input validation and the other was due to improper access control.

| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
|---|---|---|---|---|---|
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26028 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26030 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26031 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26032 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26033 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26034 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26035 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26038 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26040 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26041 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26042 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26043 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26044 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26045 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 4.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | CVE-2024-26048 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 4.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N | CVE-2024-26050 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26052 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26056 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26059 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26061 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26062 |
| Information Exposure (CWE-200) | Security feature bypass | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CVE-2024-26063 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26064 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26065 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26067 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26069 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26073 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26080 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26094 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26096 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26102 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26103 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26104 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26105 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26106 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26107 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26118 |
| Improper Access Control (CWE-284) | Security feature bypass | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CVE-2024-26119 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26120 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26124 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26125 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-20760 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-20768 |
| Improper Input Validation (CWE-20) | Security feature bypass | Moderate | 3.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | CVE-2024-26126 |
| Improper Input Validation (CWE-20) | Security feature bypass | Moderate | 3.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | CVE-2024-26127 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Moderate | 3.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N | CVE-2024-26051 |
Source: Adobe

Affected Products

| Affected Product | Version | Platform |
|---|---|---|
| Adobe Animate 2023 | 23.0.3 and earlier versions | Windows and macOS |
| Adobe Animate 2024 | 24.0 and earlier versions | Windows and macOS |
| Lightroom | 7.1.2 and earlier versions | macOS |
| Adobe Bridge | 13.0.5 and earlier versions | Windows and macOS |
| Adobe Bridge | 14.0.1 and earlier versions | Windows and macOS |
| ColdFusion 2023 | Update 6 and earlier versions | All |
| ColdFusion 2021 | Update 12 and earlier versions | All |
| Adobe Premiere Pro | 24.1 and earlier versions | Windows and macOS |
| Adobe Premiere Pro | 23.6.2 and earlier versions | Windows and macOS |
| Adobe Experience Manager (AEM) | AEM Cloud Service (CS) | All |
| | 6.5.19.0 and earlier versions | All |

Fixed In Versions

| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Animate 2023 | 23.0.4 | Windows and macOS | 3 | Download Center |
| Adobe Animate 2024 | 24.0.1 | Windows and macOS | 3 | Download Center |
| Lightroom | 7.2 | macOS as published within the Apple App Store. | 3 | Download Center |
| Adobe Bridge | 13.0.6 | Windows and macOS | 3 | Download Page |
| Adobe Bridge | 14.0.2 | Windows and macOS | 3 | Download Page |
| ColdFusion 2023 | Update 7 | All | 3 | Tech Note |
| ColdFusion 2021 | Update 13 | All | 3 | Tech Note |
| Adobe Premiere Pro | 24.2.1 | Windows and macOS | 3 | Download Center |
| Adobe Premiere Pro | 23.6.4 | Windows and macOS | 3 | Download Center |
| Adobe Experience Manager (AEM) | AEM Cloud Service Release 2024.03 | All | 3 | Release Notes |
| | 6.5.20.0 | All | 3 | AEM 6.5 Service Pack Release Notes |

Source credit : cybersecuritynews.com