Multiple Adobe Enterprise products Vulnerable To Code Execution
A variety of Adobe Enterprise products such as Adobe Experience Manager, Premiere Pro, ColdFusion, Bridge, Lightroom, and Animate were found to have serious code execution vulnerabilities related to untrusted search path, cross-site scripting, out-of-bounds write, use after free, heap-based buffer overflow and many others.
Adobe has released a number of security advisories to tackle these vulnerabilities.
Among all of these products, Adobe Experience Manager had the highest number of vulnerabilities, accounting for 43 code execution vulnerabilities related to improper access control and cross-site scripting.
Vulnerability Analysis
According to the reports shared with Cyber Security News, successfully exploiting these vulnerabilities in any Adobe product will lead to arbitrary code execution, allowing a threat actor to perform any malicious activity on the compromised product.
Adobe Animate
This product had four vulnerabilities, three of which were related to memory leaks and one related to arbitrary code execution (CVE-2024-20761).
This vulnerability exists because of an out-of-bounds write condition in Adobe Animate, which a threat actor could exploit to write past the end or before the beginning of the intended buffer.
This vulnerability was given a severity of 7.8 (High).
Adobe Lightroom
This product had only one vulnerability, which was related to arbitrary code execution that exists because of an untrusted search path.
This vulnerability was assigned CVE-2024-20754, and its severity has yet to be categorized.
A threat actor could exploit this vulnerability and achieve code execution on the affected product.
Adobe Bridge
This product was found to have four vulnerabilities, three of which were arbitrary code execution vulnerabilities that existed because of use after free, heap-based buffer overflow and out-of-bounds write conditions in the vulnerable products.
These vulnerabilities were assigned CVE-2024-20752 (7.8 – High), CVE-2024-20755 (7.8 – High), and CVE-2024-20756 (8.6 – High).
Adobe ColdFusion
This product was found to have only one vulnerability, which was related to arbitrary file system read because of improper access control. However, there were no arbitrary code execution vulnerabilities present in this product.
The only vulnerability was assigned CVE-2024-20767 and its severity was given as 8.2 (High).
Adobe Premiere Pro
This product was found to have two vulnerabilities, both of which were related to arbitrary code execution because of heap-based buffer overflow and out-of-bounds write conditions.
These vulnerabilities were assigned CVE-2024-20745 (7.8 – High) and CVE-2024-20746 (7.8 – High).
Adobe Experience Manager
As mentioned earlier, this was the product with the highest number of vulnerabilities. There were 43 arbitrary code execution vulnerabilities and 3 security bypass vulnerabilities.
All of the code execution vulnerabilities existed because of cross-site scripting.
Among the three security bypass vulnerabilities, two were because of improper input validation and the other was because of improper access control.
Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26028 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26030 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26031 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26032 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26033 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26034 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26035 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26038 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26040 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26041 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26042 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26043 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26044 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26045 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 4.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | CVE-2024-26048 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 4.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N | CVE-2024-26050 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26052 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26056 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26059 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26061 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26062 |
Information Exposure (CWE-200) | Security feature bypass | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CVE-2024-26063 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26064 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26065 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26067 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26069 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26073 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26080 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26094 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26096 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26102 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26103 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26104 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26105 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26106 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26107 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26118 |
Improper Access Control (CWE-284) | Security feature bypass | Important | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CVE-2024-26119 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26120 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26124 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-26125 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-20760 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2024-20768 |
Improper Input Validation (CWE-20) | Security feature bypass | Moderate | 3.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | CVE-2024-26126 |
Improper Input Validation (CWE-20) | Security feature bypass | Moderate | 3.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N | CVE-2024-26127 |
Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Moderate | 3.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N | CVE-2024-26051 |
Affected Products
Affected Product | Version | Platform |
Adobe Animate 2023 | 23.0.3 and earlier versions | Windows and macOS |
Adobe Animate 2024 | 24.0 and earlier versions | Windows and macOS |
Lightroom | 7.1.2 and earlier versions | macOS |
Adobe Bridge | 13.0.5 and earlier versions | Windows and macOS |
Adobe Bridge | 14.0.1 and earlier versions | Windows and macOS |
ColdFusion 2023 | Update 6 and earlier versions | All |
ColdFusion 2021 | Update 12 and earlier versions | All |
Adobe Premiere Pro | 24.1 and earlier versions | Windows and macOS |
Adobe Premiere Pro | 23.6.2 and earlier versions | Windows and macOS |
Adobe Experience Manager (AEM) | AEM Cloud Service (CS) | All |
Adobe Experience Manager (AEM) | 6.5.19.0 and earlier versions | All |
Fixed In Versions
Product | Version | Platform | Priority | Availability |
Adobe Animate 2023 | 23.0.4 | Windows and macOS | 3 | Download Center |
Adobe Animate 2024 | 24.0.1 | Windows and macOS | 3 | Download Center |
Lightroom | 7.2 | macOS as published within the Apple App Store. | 3 | Download Center |
Adobe Bridge | 13.0.6 | Windows and macOS | 3 | Download Page |
Adobe Bridge | 14.0.2 | Windows and macOS | 3 | Download Page |
ColdFusion 2023 | Update 7 | All | 3 | Tech Note |
ColdFusion 2021 | Update 13 | All | 3 | Tech Note |
Adobe Premiere Pro | 24.2.1 | Windows and macOS | 3 | Download Center |
Adobe Premiere Pro | 23.6.4 | Windows and macOS | 3 | Download Center |
Adobe Experience Manager (AEM) | AEM Cloud Service Release 2024.03 | All | 3 | Release Notes |
Adobe Experience Manager (AEM) | 6.5.20.0 | All | 3 | AEM 6.5 Service Pack Release Notes |
Source credit : cybersecuritynews.com