Alert GCSA-24040 - Adobe Security Bulletin - Marzo 2024


******************************************************************

Alert ID: GCSA-24040
Data: 13 Marzo 2024
Titolo: Adobe Security Bulletin - Marzo 2024

******************************************************************


:: Descrizione del problema

Adobe ha rilasciato i seguenti aggiornamenti di sicurezza:

APSB24-05 Security update available for Adobe Experience Manager
APSB24-12 Security update available for Adobe Premiere Pro
APSB24-14 Security update available for Adobe ColdFusion
APSB24-15 Security update available for Adobe Bridge
APSB24-17 Security update available for Adobe Lightroom
APSB24-19 Security update available for Adobe Animate

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Adobe Experience Manager versione 6.5.19.0 e precedenti
Adobe Premiere Pro versione 23.6.2 e precedenti
Adobe Premiere Pro versione 24.1 e precedenti
Adobe ColdFusion 2021 update 12 e precedenti
Adobe ColdFusion 2023 update 6 e precedenti
Adobe Bridge versione 13.0.5 e precedenti
Adobe Bridge versione 14.0.1 e precedenti
Adobe Lightroom versione 7.1.2 e precedenti
Adobe Animate 2023 versione 23.0.3 e precedenti
Adobe Animate 2024 versione 24.0 e precedenti

NOTA: Per le versioni del software installate in Cloud Service presso Adobe,
riceveranno aggiornamenti automatici dal produttore


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Accesso a dati riservati (ID)
Bypass delle restrizioni di sicurezza (SRB)


:: Soluzioni

Aggiornare i software alle ultime versioni:

Adobe Experience Manager (AEM) 6.5.20.0
Adobe Premiere Pro 24.2.1
Adobe Premiere Pro 23.6.4
ColdFusion 2023 Update 7
ColdFusion 2021 Update 13
Adobe Bridge 13.0.6
Adobe Bridge 14.0.2
Lightroom 7.2
Adobe Animate 2023 23.0.4
Adobe Animate 2024 24.0.1


:: Riferimenti

Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html
https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html
https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
https://helpx.adobe.com/security/products/bridge/apsb24-15.html
https://helpx.adobe.com/security/products/lightroom/apsb24-17.html
https://helpx.adobe.com/security/products/animate/apsb24-19.html

CISA
https://www.cisa.gov/news-events/alerts/2024/03/12/adobe-releases-security-updates-multiple-products

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2024-028

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20768
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26125



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert




-----BEGIN PGP SIGNATURE-----

iF0EAREIAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCZfF6dgAKCRDBnEyTZRJg
QinlAJ9KuSOQnmKJskSy+g1bZB6qq1PbPACfaiTHo4gNbjnxQ5Ov9nXHvCwaHek=
=B4nm
-----END PGP SIGNATURE-----