Skip to main content

Adobe Monthly Security Update (June 2024)

Last Update Date: 18 Jul 2024 Release Date: 12 Jun 2024 4707 Views

RISK: High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Adobe has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotesDetails (including CVE)
Adobe PhotoshopMedium Risk Medium RiskRemote Code Execution APSB24-27
Adobe Experience ManagerMedium Risk Medium Risk

Remote Code Execution
Security Restriction Bypass

Cross-site Scripting

 APSB24-28
Adobe AuditionMedium Risk Medium RiskDenial of Service
Information Disclosure
 APSB24-32
Adobe Media EncoderMedium Risk Medium Risk

Information Disclosure

 APSB24-34
Adobe FrameMaker Publishing ServerMedium Risk Medium Risk

Information Disclosure

Elevation of Privilege

 APSB24-38
Adobe CommerceHigh RiskHigh Risk

Remote Code Execution

Elevation of Privilege
Security Restriction Bypass

Cross-site Scripting

 APSB24-40
Adobe ColdFusionMedium Risk Medium Risk

Security Restriction Bypass

 APSB24-41
Adobe Substance 3D StagerMedium Risk Medium RiskRemote Code Execution APSB24-43
Adobe Creative Cloud DesktopMedium Risk Medium RiskRemote Code Execution APSB24-44
Adobe Acrobat AndroidMedium Risk Medium RiskSecurity Restriction Bypass APSB24-50

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 10

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': High Risk

 

Note:

Adobe is aware that CVE-2024-34102 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants.

 

[Updated on 2024-07-18]

Updated description and risk level.


Impact

  • Remote Code Execution
  • Denial of Service
  • Security Restriction Bypass
  • Elevation of Privilege
  • Information Disclosure
  • Cross-Site Scripting

System / Technologies affected

  • Adobe Photoshop 2023 24.7.3 and earlier versions    
  • Adobe Photoshop 2024 25.7 and earlier versions
  • Adobe Experience Manager (AEM) AEM Cloud Service (CS)
  • Adobe Experience Manager (AEM) 6.5.20 and earlier versions
  • Adobe Audition 24.2 and earlier versions
  • Adobe Audition 23.6.4 and earlier versions     
  • Adobe Media Encoder 24.3 and earlier versions
  • Adobe Media Encoder 23.6.5 and earlier versions
  • Adobe FrameMaker Publishing Server Version 2022.2 and earlier versions
  • Adobe FrameMaker Publishing Server Version 2020 Update 3 and earlier versions
  • Adobe Commerce  2.4.7 and earlier versions
  • Adobe Commerce 2.4.6-p5 and earlier versions
  • Adobe Commerce 2.4.5-p7 and earlier versions
  • Adobe Commerce 2.4.4-p8 and earlier versions
  • Adobe Commerce 2.4.3-ext-7 and earlier versions
  • Adobe Commerce 2.4.2-ext-7 and earlier versions
  • Adobe Commerce 2.4.1-ext-7 and earlier versions
  • Adobe Commerce 2.4.0-ext-7 and earlier versions
  • Adobe Commerce 2.3.7-p4-ext-7 and earlier versions
  • Magento Open Source 2.4.7 and earlier versions
  • Magento Open Source 2.4.6-p5 and earlier versions
  • Magento Open Source 2.4.5-p7 and earlier versions
  • Magento Open Source 2.4.4-p8 and earlier versions
  • Adobe Commerce Webhooks Plugin 1.2.0 to 1.4.0
  • Adobe ColdFusion 2023 Update 7 and earlier versions
  • Adobe ColdFusion 2021 Update 13 and earlier versions
  • Adobe Substance 3D Stager 2.1.4 and earlier versions 
  • Adobe Creative Cloud Desktop Application 6.1.0.587 and earlier version
  • Adobe Acrobat Android 24.4.2.33155 and earlier versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update

Vulnerability Identifier


Source


Related Link