Adobe Product Suite March 2024 Routine Security Update Advisory

Overview

 

Adobe (https://adobe.com) has released security updates that address vulnerabilities in its products. Users of affected systems are advised to update to the latest version.

 

Affected Products

 

Adobe Experience Manager (AEM) Cloud Service (CS)

Adobe Experience Manager (AEM) 6.5.19.0 and below

Adobe Premiere Pro 24.1 and below

Adobe Premiere Pro 23.6.2 and earlier

ColdFusion 2023 update 6 and below

ColdFusion 2021 update 12 and below

Adobe Bridge 13.0.5 and below

Adobe Bridge 14.0.1 and earlier

Lightroom 7.1.2 and earlier

Adobe Animate 2023 23.0.3 and earlier

Adobe Animate 2024 24.0 and earlier

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26028)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26030)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26031)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26032)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26033)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26034)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26035)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26038)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26040)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26041)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26042)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26043)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26044)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26045)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26048)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26050)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26052)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26056)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26059)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26061)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26062)

Security feature bypass vulnerability due to information leakage in Adobe Experience Manager (AEM) (CVE-2024-26063)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26064)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26065)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26067)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26069)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26073)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26080)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26094)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26096)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26102)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26103)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26104)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26105)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26106)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26107)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26118)

Security feature bypass vulnerability due to improper access control in Adobe Experience Manager (AEM) (CVE-2024-26119)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26120)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26124)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26125)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-20760)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-20768)

Security feature bypass vulnerability due to lack of input validation in Adobe Experience Manager (AEM) (CVE-2024-26126)

Security feature bypass vulnerability due to lack of input validation in Adobe Experience Manager (AEM) (CVE-2024-26127)

Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Experience Manager (AEM) (CVE-2024-26051)

Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe Premiere Pro (CVE-2024-20745)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Premiere Pro (CVE-2024-20746)

Arbitrary file read vulnerability due to improper access control in ColdFusion 2023 (CVE-2024-20767)

Arbitrary code execution vulnerability due to a use-after-free (UAF) in Adobe Bridge (CVE-2024-20752)

Arbitrary code execution vulnerability due to a heap-based buffer overflow in Adobe Bridge (CVE-2024-20755)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Bridge (CVE-2024-20756)

Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Bridge (CVE-2024-20757)

Arbitrary code execution vulnerability due to an untrusted search path in Lightroom (CVE-2024-20754)

Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Adobe Animate 2023 (CVE-2024-20761)

Memory leak vulnerability due to an out-of-bounds read of memory in Adobe Animate 2023 (CVE-2024-20762)

Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Animate 2023 (CVE-2024-20763)

Memory leak vulnerability due to an out-of-bounds read in memory in Adobe Animate 2023 (CVE-2024-20764)

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the March 12, 2024 update:

Adobe Experience Manager (AEM) 6.5.20.0

AEM 6.5 Service Pack Release Notes

Adobe Premiere Pro 23.6.4

Download Center

ColdFusion 2021 Update 13

Tech Note

Adobe Bridge 14.0.2

Download Page

Adobe Animate 2024 24.0.1

Download Center

 

Referenced Sites

 

Security Bulletins and Advisories

https://helpx.adobe.com/security.html/security/security-bulletin.ug.html

APSB24-05 : Security update available for Adobe Experience Manager

https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html

APSB24-12 : Security update available for Adobe Premiere Pro

https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html

APSB24-14 : Security update available for Adobe ColdFusion

https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html

APSB24-15 : Security update available for Adobe Bridge

https://helpx.adobe.com/security/products/bridge/apsb24-15.html

APSB24-17 : Security update available for Adobe Lightroom

https://helpx.adobe.com/security/products/lightroom/apsb24-17.html

APSB24-19 : Security update available for Adobe Animate

https://helpx.adobe.com/security/products/animate/apsb24-19.html
