In addition, it is important to note that InDesign is not directly affected by this issue. However, the updated versions of InDesign received as part of this patch package will address the CVE that was privately reported to Adobe.

Adobe ColdFusion versions 9.0.1 (9.0.0), 10.0.1 (10.0.0), and 10.1.0 (10.0.1) are affected by a SQL injection vulnerability that could be leveraged by attackers to execute arbitrary SQL commands. This issue impacts all versions of Adobe ColdFusion, including those that are no longer supported.

An attacker could exploit this vulnerability to obtain access to critical system data or cause a denial of service. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted request.

Adobe XMP Panels versions 2.6.0 and earlier are affected by a cross-site scripting (XSS) flaw that could be exploited by attackers to install a malicious XMP panel.

Adobe Acrobat and Reader are not affected by this patch

Check the version of ColdFusion

The version of Adobe ColdFusion you are running is not specified in the release notes. The latest patch package for Adobe ColdFusion 10 addresses a vulnerability that was privately reported to Adobe.

Adobe ColdFusion 9.0.1 (9.0.0), 10.0.1 (10.0.0), and 10.1.0 (10.0.1) are impacted by a SQL injection vulnerability that could be leveraged by attackers to execute arbitrary SQL commands. This impacts all versions of Adobe ColdFusion, including those that are no longer supported (ColdFusion 9 and 10), as well as the previous versions of Adobe ColdFusion (ColdFusion 8 and InDesign CS3/CS4/CS5/CS6), which were also affected by this vulnerability but received updates as part of this patch package release (InDesign CC 2017 and InDesign CC 2015 Update 3, respectively).

Impact of the patch and mitigation measures

The updated InDesign and panels patches for ColdFusion 9.0.1, 10.0.1, and 10.1.0 address the vulnerabilities that were privately reported to Adobe by a researcher in July 2018.

The patched XMP Panels 2.6 versions apply to versions 2.6 and earlier of this product line and will update automatically when users install the patch package from Adobe's website or update their application with an application management tool such as Acrobat Manager or Adobe Application Manager (AAM).

Timeline

Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 18:40:00 UTC
