Skip to main content

Adobe Monthly Security Update (October 2022)

Release Date: 12 Oct 2022 5263 Views

RISK: Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Adobe has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotesDetails (including CVE)
Adobe ColdFusionMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Elevation of Privilege
Security Restriction Bypass
Data Manipulation
 APSB22-44
Adobe Acrobat and ReaderMedium Risk Medium RiskDenial of Service
Information Disclosure
Remote Code Execution
 APSB22-46
MagentoMedium Risk Medium RiskCross-site Scripting
Remote Code Execution
 APSB22-48
Adobe AnimateMedium Risk Medium RiskRemote Code Execution
Information Disclosure
 APSB22-57

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 4

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk


Impact

  • Remote Code Execution
  • Information Disclosure
  • Elevation of Privilege
  • Security Restriction Bypass
  • Data Manipulation
  • Denial of Service
  • Cross-Site Scripting

System / Technologies affected

  • Adobe ColdFusion 2018 Update 14 and earlier versions
  • Adobe ColdFusion 2021 Update 4 and earlier versions
  • Adobe Acrobat DC 22.002.20212 and earlier versions
  • Adobe Acrobat Reader DC 22.002.20212 and earlier versions
  • Adobe Acrobat 2020 20.005.30381 and earlier versions
  • Adobe Acrobat Reader 2020 20.005.30381 and earlier versions
  • Adobe Commerce 2.4.4-p1 and earlier versions
  • Adobe Commerce 2.4.5 and earlier versions
  • Adobe Magento Open Source 2.4.4-p1 and earlier versions
  • Adobe Magento Open Source 2.4.5 and earlier versions
  • Adobe Dimension 3.4.5 and earlier versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update

Vulnerability Identifier


Source


Related Link