CVE CyberSecurity Database News

CVE-2022-38442 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.

Poster -

An attacker could leverage social engineering or email spoofing to interact with a user and convince them to open the malicious file.

CVE Solution: Update to version 3.4.5 of Adobe Dimension.

Adobe ColdFusion versions 10.3.3, 10.3.0 and CF10.0 are affected by an XSS flaw that could be exploited by hackers to execute arbitrary code on the system of users.

CVE Solution: Update to version 10.3.3 of Adobe ColdFusion.

Adobe Creative Cloud versions are multiple products are vulnerable to one or more XSS issues including the following:
INTRODUCTION: Adobe Creative Cloud (ACC) services allow users to access a wide range of creative tools and content from a single, secure login. These include services such as InDesign, Photoshop, Illustrator, and others. As such, Creative Cloud users are often in situations where they are required to share information via a public medium, such as a blog, or via email. As such, Creative Cloud users are often in situations where they are required to share information via a public medium, such as a blog, or via email. XSS is one of the most common forms of cross-site scripting, where data is unintentionally sent across a site via a mechanism other than the intended one, often due to insufficient input validation.

Adobe Creative Cloud (ACC) XSS Vulnerabilities

Adobe's Creative Cloud application is vulnerable to one or more cross-site scripting (XSS) vulnerabilities, including:

Adobe Creative Cloud XSS Vulnerabilities

Adobe Creative Cloud has been identified as vulnerable to cross-site scripting (XSS) vulnerabilities that could be exploited to compromise user information.
The XSS vulnerabilities were found in the following products: InDesign, Photoshop, Illustrator and Acrobat Pro DC.
In some cases, certain versions of these applications were impacted by a single vulnerability. In other cases, multiple vulnerabilities existed in each product. The following table provides a high-level view of the types of products affected:

CVE Solution: Update to version 12.0 or later of Adobe Creative Cloud.

Timeline

Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:31:00 UTC

References