An attacker could leverage social engineering or email spoofing to interact with a user and convince them to open the malicious file.

CVE Solution: Update to version 3.4.5 of Adobe Dimension.

Adobe ColdFusion versions 10.3.3, 10.3.0 and CF10.0 are affected by an XSS flaw that could be exploited by hackers to execute arbitrary code on users' systems.

CVE Solution: Update to version 10.3.3 of Adobe ColdFusion.

Multiple Adobe Creative Cloud products and versions are vulnerable to one or more XSS issues, including the following:
INTRODUCTION: Adobe Creative Cloud (ACC) services allow users to access a wide range of creative tools and content from a single, secure login. These include services such as InDesign, Photoshop, Illustrator, and others. As such, Creative Cloud users are often in situations where they are required to share information via a public medium, such as a blog, or via email. XSS is one of the most common forms of cross-site scripting, where data is unintentionally sent across a site via a mechanism other than the intended one, often due to insufficient input validation.

Successful attacks require:

- The user to be logged into the same domain as the attacker.
- The user to interact with a malicious URL.
- The attacker to gain remote code execution on the target's system.
- An XSS vulnerability in an application running on the target's system.

CVE Solution: Update to version 5.6 of Adobe Creative Cloud.

APEX CMS Vulnerabilities

The vulnerabilities were identified in a beta release of APEX CMS 3.2.6-3.2.7, which was released on September 17, 2017 and is being used by many organizations and developers.
CVE Solution: Update to version 3.2.7 of APEX CMS.

An attacker could leverage social engineering or email spoofing to interact with a user and convince them to open the malicious file or click a link that could lead to this outcome.

Adobe Creative Cloud - XSS Vulnerabilities

Adobe have released an updated version of the Creative Cloud (ACC) service to resolve the following vulnerabilities:

Adobe Fireworks CC Software

Adobe Fireworks CC software is vulnerable to multiple XSS vulnerabilities.
CVE: CVE-2018-19975

Timeline

Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:31:00 UTC

References