Skip to main content

Adobe Monthly Security Update (February 2024)

Last Update Date: 8 Apr 2024 Release Date: 14 Feb 2024 7739 Views

RISK: Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

[Updated on 2024-04-08] 

Updated the Notes for product "Magento and Adobe Commerce". 

For CVE-2024-20720, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). A report stated that this issue may have been used in scattered exploits.

To expolit this vulnerability, attackers need admin privileges. Hence, the risk level remains unchanged as Medium Risk.

The source of reference is added to Related Link section.

 

Adobe has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotesDetails (including CVE)
Magento and Adobe CommerceMedium Risk Medium RiskCross-site Scripting
Remote Code Execution
Denial of Service
Security Restriction Bypass

Scattered exploit for 

CVE-2024-20720

APSB24-03
Adobe Substance 3D PainterMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Denial of Service
 APSB24-04
Adobe Acrobat and ReaderMedium Risk Medium RiskRemote Code Execution
Denial of Service
Information Disclosure
 APSB24-07
Adobe FramemakerMedium Risk Medium RiskSecurity Restriction Bypass APSB24-10
Adobe AuditionMedium Risk Medium RiskRemote Code Execution APSB24-11
Adobe Substance 3D DesignerMedium Risk Medium RiskRemote Code Execution APSB24-13

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk


Impact

  • Remote Code Execution
  • Information Disclosure
  • Cross-Site Scripting
  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Adobe Commerce 2.4.6-p3 and earlier versions
  • Adobe Commerce 2.4.5-p5 and earlier versions
  • Adobe Commerce 2.4.4-p6 and earlier versions
  • Adobe Commerce 2.4.3-ext-5 and earlier* versions
  • Adobe Commerce 2.4.2-ext-5 and earlier* versions
  • Adobe Commerce 2.4.1-ext-5 and earlier* versions
  • Adobe Commerce 2.4.0-ext-5 and earlier* versions
  • Adobe Commerce 2.3.7-p4-ext-5 and earlier* versions
  • Magento Open Source 2.4.6-p3 and earlier versions
  • Magento Open Source 2.4.5-p5 and earlier versions
  • Magento Open Source 2.4.4-p6 and earlier versions
  • Adobe Substance 3D Painter 9.1.1 and earlier versions
  • Acrobat DC 23.008.20470 and earlier versions
  • Acrobat Reader DC 23.008.20470 and earlier versions
  • Acrobat 2020 20.005.30539 and earlier versions
  • Acrobat Reader 2020 20.005.30539 and earlier versions
  • Adobe FrameMaker Publishing Server Version 2022 Update 1   and earlier versions
  • Adobe Audition 24.0.3 and earlier versions
  • Adobe Audition 23.6.2 and earlier versions
  • Adobe Substance 3D Designer 13.1.0 and earlier versions

Note:

* These versions are only applicable to customers participating in the Extended Support Program


Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update

Vulnerability Identifier


Source


Related Link