Описание
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.1.2 (исключая)
cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.11306
Средний
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-788
CWE-119
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access.
EPSS
Процентиль: 93%
0.11306
Средний
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-788
CWE-119