Adobe Monthly Security Update (June 2024)
Adobe has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes | Details (including CVE) |
| Adobe Photoshop |  Medium Risk | Remote Code Execution | APSB24-27 | |
| Adobe Experience Manager | Medium Risk | Remote Code Execution Cross-site Scripting | APSB24-28 | |
| Adobe Audition | Medium Risk | Denial of Service Information Disclosure | APSB24-32 | |
| Adobe Media Encoder | Medium Risk | Information Disclosure | APSB24-34 | |
| Adobe FrameMaker Publishing Server | Medium Risk | Information Disclosure Elevation of Privilege | APSB24-38 | |
| Adobe Commerce |  High Risk | Remote Code Execution Elevation of Privilege Cross-site Scripting | APSB24-40 | |
| Adobe ColdFusion | Medium Risk | Security Restriction Bypass | APSB24-41 | |
| Adobe Substance 3D Stager | Medium Risk | Remote Code Execution | APSB24-43 | |
| Adobe Creative Cloud Desktop | Medium Risk | Remote Code Execution | APSB24-44 | |
| Adobe Acrobat Android | Medium Risk | Security Restriction Bypass | APSB24-50 |
Number of ‘Extremely High Risk’ product(s): 0
Number of ‘High Risk’ product(s): 1
Number of ‘Medium Risk’ product(s): 10
Number of ‘Low Risk’ product(s): 0
Evaluation of overall ‘Risk Level’: High Risk
Note:
Adobe is aware that CVE-2024-34102 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants.
[Updated on 2024-07-18]
Updated description and risk level.
RISK: High Risk
TYPE: Clients – Productivity Products
Impact
- Remote Code Execution
- Denial of Service
- Security Restriction Bypass
- Elevation of Privilege
- Information Disclosure
- Cross-Site Scripting
System / Technologies affected
- Adobe Photoshop 2023 24.7.3 and earlier versions
- Adobe Photoshop 2024 25.7 and earlier versions
- Adobe Experience Manager (AEM) AEM Cloud Service (CS)
- Adobe Experience Manager (AEM) 6.5.20 and earlier versions
- Adobe Audition 24.2 and earlier versions
- Adobe Audition 23.6.4 and earlier versions
- Adobe Media Encoder 24.3 and earlier versions
- Adobe Media Encoder 23.6.5 and earlier versions
- Adobe FrameMaker Publishing Server Version 2022.2 and earlier versions
- Adobe FrameMaker Publishing Server Version 2020 Update 3 and earlier versions
- Adobe Commerce 2.4.7 and earlier versions
- Adobe Commerce 2.4.6-p5 and earlier versions
- Adobe Commerce 2.4.5-p7 and earlier versions
- Adobe Commerce 2.4.4-p8 and earlier versions
- Adobe Commerce 2.4.3-ext-7 and earlier versions
- Adobe Commerce 2.4.2-ext-7 and earlier versions
- Adobe Commerce 2.4.1-ext-7 and earlier versions
- Adobe Commerce 2.4.0-ext-7 and earlier versions
- Adobe Commerce 2.3.7-p4-ext-7 and earlier versions
- Magento Open Source 2.4.7 and earlier versions
- Magento Open Source 2.4.6-p5 and earlier versions
- Magento Open Source 2.4.5-p7 and earlier versions
- Magento Open Source 2.4.4-p8 and earlier versions
- Adobe Commerce Webhooks Plugin 1.2.0 to 1.4.0
- Adobe ColdFusion 2023 Update 7 and earlier versions
- Adobe ColdFusion 2021 Update 13 and earlier versions
- Adobe Substance 3D Stager 2.1.4 and earlier versions
- Adobe Creative Cloud Desktop Application 6.1.0.587 and earlier version
- Adobe Acrobat Android 24.4.2.33155 and earlier versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor. Please refer to ‘Details’ column in the above table for details of individual product update or run software update
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
