- 295/2023
- Critical
Adobe has released security updates to fix multiple vulnerabilities across several products.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information or trigger denial of services attacks on the affected products.
Sample of the Addressed Vulnerabilities:
1. Adobe ColdFusion Code Execution Vulnerability (CVE-2023-44351):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Adobe FrameMaker Security Bypass Vulnerability (CVE-2023-44324):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Affected Products:
- Adobe ColdFusion
- Adobe RoboHelp Server
- Adobe Acrobat and Reader
- Adobe InDesign
- Adobe Photoshop
- Adobe Bridge
- Adobe FrameMaker Publishing Server
- Adobe InCopy
- Adobe Animate
- Adobe Dimension
- Adobe Media Encoder
- Adobe Audition
- Adobe Premiere Pro
- Adobe After Effects
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.