- 222/2023
- High
Adobe has released security updates to address multiple vulnerabilities in Adobe Acrobat and Reader, Adobe Connect, and Adobe Experience Manager.
The addressed vulnerabilities could allow the attacker to steal the victim’s cookiebased authentication credentials or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Adobe Acrobat and Adobe Reader Code Execution (CVE-2023-26369):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Adobe Experience Manager Cross-Site Scripting (CVE-2023-38214):
- CVSS: 5.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2023-26369
- CVE-2023-38214
- CVE-2023-38215
- CVE-2023-29305
- CVE-2023-29306
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.