Skip to main content

Adobe Monthly Security Update (March 2023)

Last Update Date: 16 Mar 2023 Release Date: 15 Mar 2023 4886 Views

RISK: Extremely High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

[Updated on 2023-03-16]

The risk level escalated to extremely high due to CVE-2023-26360 was exploited in attacks as a zero-day.

 

Adobe has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotesDetails (including CVE)
MagentoMedium Risk Medium RiskInformation Disclosure
Cross-site Scripting
Remote Code Execution
Security Restriction Bypass
 APSB23-17
Adobe Experience ManagerMedium Risk Medium RiskCross-site Scripting
Remote Code Execution
Security Restriction Bypass
Elevation of Privilege
 APSB23-18
Adobe IllustratorMedium Risk Medium RiskRemote Code Execution
Information Disclosure
 APSB23-19
Adobe DimensionMedium Risk Medium RiskRemote Code Execution
Information Disclosure
 APSB23-20
Adobe Creative Cloud Desktop ApplicationMedium Risk Medium RiskRemote Code Execution APSB23-21
Adobe Substance 3D StagerMedium Risk Medium RiskRemote Code Execution
Information Disclosure
 APSB23-22
Adobe PhotoshopMedium Risk Medium RiskRemote Code Execution APSB23-23
Adobe ColdFusionExtremely High RiskExtremely High RiskRemote Code Execution
Information Disclosure

CISA has added CVE-2023-26360 to catalog of security bugs exploited in the wild.

 

APSB23-25

 

Number of 'Extremely High Risk' product(s): 1

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 7

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk


Impact

  • Cross-Site Scripting
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Adobe Commerce 2.4.4-p2 and earlier versions
  • Adobe Commerce 2.4.5-p1 and earlier versions
  • Magento Open Source 2.4.4-p2 and earlier versions
  • Magento Open Source 2.4.5-p1 and earlier versions
  • Adobe Experience Manager (AEM) AEM Cloud Service (CS)
  • Adobe Experience Manager (AEM) 6.5.15.0 and earlier versions
  • Illustrator 2023 27.2.0 and earlier versions
  • Adobe Dimension 3.4.7 and earlier versions
  • Creative Cloud Desktop Application 5.9.1 and earlier versions
  • Adobe Substance 3D Stager 2.0.0 and earlier versions
  • Photoshop 2022 23.5.3 and earlier versions
  • Photoshop 2023 24.1.1 and earlier versions
  • ColdFusion 2018 Update 15 and earlier versions
  • ColdFusion 2021 Update 5 and earlier versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update

Vulnerability Identifier


Source


Related Link