Security Advisory

Adobe Product Suite June 2024 Routine Security Update Advisory

  • Jun 12 2024

Overview

 

Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Photoshop 2023 24.7.3 and below

Photoshop 2024 25.7 and below

Adobe Experience Manager (AEM) aem cloud service (cs)

Adobe Experience Manager (AEM) 6.5.20 and below

Adobe Audition 24.2 and below

Adobe Audition 23.6.4 and below

Adobe Media Encoder 24.3 and below

Adobe Media Encoder 23.6.5 and below

Adobe FrameMaker Publishing Server version 2022.2

 

Version 2020 update 3 and below

Adobe Commerce 2.4.7

2.4.6-p5

2.4.5-p7

2.4.4-p8

2.4.3-ext-7

2.4.2-ext-7

2.4.1-ext-7

2.4.0-ext-7

2.3.7-p4-ext-7* and below

Magento Open Source 2.4.7

2.4.6-p5

2.4.5-p7

2.4.4-p8 and below

Adobe Commerce Webhooks Plugin 1.2.0 to 1.4.0

ColdFusion 2023 update 7 and below

ColdFusion 2021 update 13 and below

Adobe Substance 3D Stager 2.1.4 and below

Creative Cloud Desktop Application 6.1.0.587 and below

Acrobat Android 24.4.2.33155 and below

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Photoshop 2023 (CVE-2024-20753)

Security feature bypass vulnerability due to improper access control in Adobe Experience Manager (AEM) (CVE-2024-26029)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26036)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26037)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26039)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26049)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26053)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26057)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26058)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26066)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26068)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26070)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26071)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26072)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26074)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26075)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26077)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26078)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26081)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26082)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26083)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26085)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26088)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26089)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26090)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26091)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26092)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26093)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26095)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26110)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26111)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26113)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26114)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26115)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26116)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26117)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26121)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26123)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-20769)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-20784)

Security feature bypass vulnerability due to lack of input validation in Adobe Experience Manager (AEM) (CVE-2024-26126)

Security feature bypass vulnerability due to lack of input validation in Adobe Experience Manager (AEM) (CVE-2024-26127)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26054)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26055)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26060)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26086)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-34119)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-34120)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36141)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36142)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36143)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36144)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36146)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36147)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36148)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36149)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36150)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36151)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36152)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36153)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36154)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36155)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36156)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36157)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36158)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36159)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36160)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36161)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36162)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36163)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36164)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36165)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36166)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36167)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36168)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36169)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36170)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36171)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36172)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36173)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36174)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36175)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36176)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36177)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36178)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36179)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36180)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36181)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36182)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36183)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36184)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36185)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36186)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36187)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36188)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36189)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36190)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36191)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36192)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36193)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36194)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36195)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36196)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36197)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36198)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36199)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36200)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36201)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36202)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36203)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36204)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36205)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36206)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36207)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36208)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36209)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36210)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36211)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36212)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36213)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36214)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36215)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36216)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36217)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36218)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36219)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36220)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36221)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36222)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36223)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36224)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36225)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36227)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36228)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36229)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36230)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36231)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36232)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36233)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36234)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36235)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36236)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36238)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-36239)

Security feature bypass vulnerability due to lack of input validation in Adobe Experience Manager (AEM) (CVE-2024-36226)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Audition (CVE-2024-30276)

Application denial of service vulnerability due to a null pointer reference in Adobe Audition (CVE-2024-30285)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Media Encoder (CVE-2024-30278)

Privilege escalation vulnerability due to improper authentication in Adobe FrameMaker Publishing Server (CVE-2024-30299)

Elevation of privilege vulnerability due to information leakage in Adobe FrameMaker Publishing Server (CVE-2024-30300)

Arbitrary code execution vulnerability due to server-side request manipulation (SSRF) in Adobe Commerce (None)

Arbitrary code execution vulnerability due to lack of XML entity reference (XXE) restriction in Adobe Commerce (None)

Privilege escalation vulnerability due to improper authentication in Adobe Commerce (None)

Security feature bypass vulnerability due to improper authentication in Adobe Commerce (None)

Arbitrary code execution vulnerability due to lack of input validation in Adobe Commerce (Adobe Commerce Webhooks Plugin)

Arbitrary code execution vulnerability due to lack of input validation in Adobe Commerce (Adobe Commerce Webhooks Plugin)

Arbitrary code execution vulnerability due to unrestricted upload of file with dangerous type in Adobe Commerce (Adobe Commerce Webhooks Plugin)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (None)

Security feature bypass vulnerability due to improper authentication in Adobe Commerce (None)

Security feature bypass vulnerability due to improper access control in Adobe Commerce (None)

Arbitrary file read vulnerability due to improper access control in ColdFusion 2023 (CVE-2024-34112)

Security feature bypass vulnerability due to weak cryptography for passwords in ColdFusion 2023 (CVE-2024-34113)

Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Adobe Substance 3D Stager (CVE-2024-34115)

Security feature bypass vulnerability due to lack of pathname restriction in Acrobat Android (CVE-2024-34129)

Security feature bypass vulnerability due to lack of authentication in Acrobat Android (CVE-2024-34130)

Arbitrary code execution vulnerability due to improper restriction of XXE in Adobe Commerce products (CVE-2024-34102)

Arbitrary code execution vulnerability due to improper input validation in Adobe Commerce products (CVE-2024-34108)

Security feature bypass vulnerability due to improper input validation in Adobe Commerce products (CVE-2024-34104)

Arbitrary code execution vulnerability in the context of the current user in Adobe Commerce products (CVE-2024-34109)

Unrestricted file upload vulnerability that could result in arbitrary code execution in Adobe Commerce products (CVE-2024-34110)

Privilege escalation vulnerability due to improper authentication validation in Adobe Commerce products (CVE-2024-34103)

Arbitrary code execution vulnerability in Adobe Commerce, Magento Open Source, and Adobe Commerce Webhooks Plugin (CVE-2024-34111 and 5 others)

Privilege escalation vulnerability in Adobe Commerce, Magento Open Source, and Adobe Commerce Webhooks Plugin (CVE-2024-34103)

Security Feature Bypass Vulnerability in Adobe Commerce, Magento Open Source, and Adobe Commerce Webhooks Plugin (CVE-2024-34104)

Vulnerability Patches

 

The June 11, 2024 update provided the following product-specific vulnerability patches.

Photoshop 2023 24.7.4

Check Adobe Referenced Sites below

Photoshop 2024 25.9

Check Adobe Referenced Sites below

Adobe Experience Manager (AEM) 6.5.21

AEM 6.5 Service Pack Release Notes

Adobe Audition 23.6.6

Download Center

Adobe Media Encoder 23.6.6

Check out the Adobe Referenced Sites below

Magento Open Source 2.4.7-p1 for 2.4.7 and earlier 2.4.6-p6 for 2.4.6-p5 and earlier 2.4.5-p8 for 2.4.5-p7 and earlier 2.4.4-p9 for 2.4.4-p8 and earlier

2.4.x release notes

Adobe Commerce Webhooks Plugin 1.5.0

Upgrade Modules and Extensions

Note: * These versions are only applicable to customers participating in the Extended Support Program 

Note: * These versions are only applicable to customers participating in the Extended Support Program

Note: * These versions are only applicable to customers participating in the Extended Support Program

ColdFusion 2021 Update 14

Tech Note

Creative Cloud Desktop Application 6.2.0.554

Download Center

Acrobat Android 24.5.0.33694

Download link

Adobe Commerce 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, 2.4.3-ext-8, 2.4.2-ext-8, 2.4.1-ext-8, 2.4.0-ext-8, 2.3.7-p4-ext-8

 

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB24-27 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb24-27.html

APSB24-28 : Security update available for Adobe Experience Manager

https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html

APSB24-32 : Security update available for Adobe Audition

https://helpx.adobe.com/security/products/audition/apsb24-32.html

APSB24-34 : Security update available for Adobe Media Encoder

https://helpx.adobe.com/security/products/media-encoder/apsb24-34.html

APSB24-38 : Security update available for Adobe FrameMaker Publishing Server

https://helpx.adobe.com/security/products/framemaker-publishing-server/apsb24-38.html

APSB24-40 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb24-40.html

APSB24-41 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html

APSB24-43 : Security update available for Adobe Substance 3D Stager

https://helpx.adobe.com/security/products/substance3d_stager/apsb24-43.html

APSB24-44 : Security update available for Adobe Creative Cloud Desktop

https://helpx.adobe.com/security/products/creative-cloud/apsb24-44.html

APSB24-50 : Security update available for Adobe Acrobat Android

https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html

APSB24-50 : Security update available for Adobe Acrobat Android

https://helpx.adobe.com/security/products/acrobat-android/apsb24-50.html

APSB24-32 : Security update available for Adobe Audition

https://helpx.adobe.com/security/products/audition/apsb24-32.html

APSB24-41 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb24-41.html

APSB24-40 : Security update available for Adobe Commerce

https://helpx.adobe.com/security/products/magento/apsb24-40.html

APSB24-27 : Security update available for Adobe Photoshop

https://helpx.adobe.com/security/products/photoshop/apsb24-27.html

Tags:

Previous Post

Next Post