Cyber Security Advisories – MS-ISAC The latest MS-ISAC cyber security advisories. Feed provided by Center for Internet Security.
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution on July 23, 2025 at 2:04 am
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
  - Adobe After Effects – Used for creating motion graphics, visual effects, and compositing in film, television, and online content.
  - Adobe Substance 3D Viewer – A 3D visualization and editing tool for opening, adjusting, and rendering 3D models.
  - Adobe Audition – Professional audio editing and mixing software for recording, restoring, and producing high-quality sound.
  - Adobe InCopy – A writing and editing tool that integrates with Adobe InDesign for collaborative publishing workflows.
  - Adobe InDesign – Used to design and publish brochures, digital magazines, eBooks, posters, and presentations.
  - Adobe Connect – A web conferencing platform for hosting virtual meetings, webinars, and online training sessions.
  - Adobe Dimension – A 3D design tool for creating photorealistic product mockups and brand visualizations.
  - Adobe Substance 3D Stager – A 3D scene design and rendering tool for assembling and lighting photorealistic compositions.
  - Adobe Illustrator – A vector graphics editor for creating logos, icons, illustrations, and typography.
  - Adobe FrameMaker – A document processor for authoring and publishing large, structured technical documentation.
  - Adobe Experience Manager (AEM) Forms – Enables creation and deployment of digital forms integrated with backend systems.
  - Adobe Experience Manager (AEM) Screens – A digital signage solution for managing interactive experiences across physical displays.
  - Adobe ColdFusion – A rapid web application development platform that supports integration with databases, APIs, and cloud services.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution on July 23, 2025 at 12:22 am
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Multiple Vulnerabilities in Microsoft SharePoint Server Could Allow for Remote Code Execution on July 22, 2025 at 3:58 pm
Multiple vulnerabilities have been discovered in Microsoft SharePoint Server, which could allow for remote code execution. Microsoft SharePoint Server is a web-based collaborative platform that integrates with Microsoft Office. Successful exploitation of these vulnerabilities allows for unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.
- Multiple Vulnerabilities in Mozilla Thunderbird Could Allow for Arbitrary Code Execution on July 9, 2025 at 1:04 pm
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- A Vulnerability in FortiWeb Could Allow for SQL Injection on July 8, 2025 at 7:17 pm
A vulnerability has been discovered in FortiWeb, which could allow for SQL injection. FortiWeb is a web application firewall (WAF) developed by Fortinet. It’s designed to protect web applications and APIs from a wide range of attacks, including those targeting known vulnerabilities and zero-day exploits. Successful exploitation of this vulnerability could allow for SQL injection attacks that could lead to arbitrary code execution in the context of the system.