Alert GCSA-23035 - Adobe Security Bulletin - Marzo 2023


******************************************************************

Alert ID: GCSA-23035
Data: 15 Marzo 2023
Titolo: Adobe Security Bulletin - Marzo 2023

******************************************************************

:: Descrizione del problema

Adobe ha rilasciato i seguenti aggiornamenti di sicurezza:

APSB23-17 Security update avaable for Adobe Commerce
APSB23-18 Security updates available for Adobe Experience Manager
APSB23-19 Security Updates Available for Adobe Illustrator
APSB23-20 Security updates available for Dimension
APSB23-21 Security update available for Adobe Creative Cloud Desktop Application
APSB23-22 Security updates available for Substance 3D Stager
APSB23-23 Security update available for Adobe Photoshop
APSB23-25 Security updates available for Adobe ColdFusion

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Adobe Commerce 2.4.4-p2 e versioni precedenti
Adobe Commerce 2.4.5-p1 e versioni precedenti
Magento Open Source 2.4.4-p2 e versioni precedenti
Magento Open Source 2.4.5-p1 e versioni precedenti
Adobe Experience Manager (AEM) AEM Cloud Service (CS)
Adobe Experience Manager (AEM) 6.5.15.0 e versioni precedenti
Illustrator 2023 27.2.0 e versioni precedenti
Adobe Dimension 3.4.7 e versioni precedenti
Creative Cloud Desktop Application 5.9.1 e versioni precedenti
Adobe Substance 3D Stager 2.0.0 e versioni precedenti
Photoshop 2022 23.5.3 e versioni precedenti
Photoshop 2023 24.1.1 e versioni precedenti
ColdFusion 2018 Update 15 e versioni precedenti
ColdFusion 2021 Update 5 e versioni precedenti


:: Impatto

Cross-Site Scripting
Elevation of Privilege
Information Disclosure
Remote Code Execution
Denial of Service
Security Restriction Bypass


:: Soluzioni

Aggiornare i software alle ultime versioni

Adobe Commerce 2.4.6, 2.4.5-p2, 2.4.4-p3
Magento Open Source 2.4.6, 2.4.5-p2, 2.4.4-p3
Adobe Experience Manager (AEM) AEM Cloud Service Release 2023.1
Adobe Experience Manager (AEM) 6.5.16.0
Illustrator 2023 27.3.1
Adobe Dimension 3.4.8
Creative Cloud Desktop Application 5.10
Adobe Substance 3D Stager 2.0.1
Photoshop 2022 23.5.4
Photoshop 2023 24.2.1
ColdFusion 2018 Update 16
ColdFusion 2021 Update 6


:: Riferimenti

Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/magento/apsb23-17.html
https://helpx.adobe.com/security/products/experience-manager/apsb23-18.html
https://helpx.adobe.com/security/products/illustrator/apsb23-19.html
https://helpx.adobe.com/security/products/dimension/apsb23-20.html
https://helpx.adobe.com/security/products/creative-cloud/apsb23-21.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html
https://helpx.adobe.com/security/products/photoshop/apsb23-23.html
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

Mitre CVE
I riferimenti CVE sono disponibili nell'advisory originale.


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iD8DBQFkEZDIwZxMk2USYEIRCPi9AJ9P2peKnyeP7Go1Y6ljaI8TWPat4ACghGBd
nNBh5shuiAuwaNiqihuo81E=
=gZBY
-----END PGP SIGNATURE-----