CVE-2022-38447 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.

An attacker could leverage social engineering or email spoofing to interact with a user and convince them to open the malicious file.

CVE Solution: Update to version 3.4.5 of Adobe Dimension.

Adobe ColdFusion versions 10.3.3, 10.3.0 and CF10.0 are affected by an XSS flaw that could be exploited by hackers to execute arbitrary code on the system of users.

CVE Solution: Update to version 10.3.3 of Adobe ColdFusion.

Adobe Creative Cloud versions are multiple products are vulnerable to one or more XSS issues including the following:
INTRODUCTION: Adobe Creative Cloud (ACC) services allow users to access a wide range of creative tools and content from a single, secure login. These include services such as InDesign, Photoshop, Illustrator, and others. As such, Creative Cloud users are often in situations where they are required to share information via a public medium, such as a blog, or via email. As such, Creative Cloud users are often in situations where they are required to share information via a public medium, such as a blog, or via email. XSS is one of the most common forms of cross-site scripting, where data is unintentionally sent across a site via a mechanism other than the intended one, often due to insufficient input validation.

Adobe InDesign was vulnerable to XSS

Affected versions: 10.1, 10.2, 10.3, and earlier
Adobe InDesign was vulnerable to a cross-site scripting flaw that could be exploited by attackers to execute arbitrary code on the system of users.

Adobe Experience Cloud (AXC)

Adobe Experience Cloud (AXC) services allow users to access a wide range of creative tools and content from a single, secure login. These include services such as InDesign, Photoshop, Illustrator, and others. As such, Creative Cloud users are often in situations where they are required to share information via a public medium, such as a blog, or via email. As such, Creative Cloud users are often in situations where they are required to share information via a public medium, such as a blog, or via email. One of the most common forms of cross-site scripting is XSS. XSS is one of the most common forms of cross-site scripting, where data is unintentionally sent across a site via a mechanism other than the intended one. If an attacker manages to compromise the account of an individual user or application on ACC or AXP service (such as Adobe Experience Manager), they could leverage social engineering or email spoofing to interact with that user and convince them to open the malicious file which would lead to their computer becoming compromised by malware.[CVE-2022-38447]

Adobe Creative Cloud Multiple Products

Vulnerable to XSS Flaws
This vulnerability can be exploited by an attacker leveraging social engineering or email spoofing to interact with a user and convince them to open the malicious file.

Adobe Creative Cloud Services Are Vulnerable To XSS

As shown in the above figure, the ACC services are vulnerable to one or more XSS flaws that could allow for data exfiltration. The exploit can be leveraged in a variety of ways, such as by stealing user credentials, gaining unauthorized administrative privileges, or by uploading malicious content to a public media site.

Timeline

Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:31:00 UTC

References